mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- Fix #2362: TLS1.3/openssl-1.1.1 not working.
git-svn-id: file:///svn/unbound/trunk@4396 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
d905317682
commit
621b1c57a3
2 changed files with 4 additions and 1 deletions
|
|
@ -1,3 +1,6 @@
|
||||||
|
3 November 2017: Wouter
|
||||||
|
- Fix #2362: TLS1.3/openssl-1.1.1 not working.
|
||||||
|
|
||||||
2 November 2017: Wouter
|
2 November 2017: Wouter
|
||||||
- Fix #1913: ub_ctx_config is under circumstances thread-safe.
|
- Fix #1913: ub_ctx_config is under circumstances thread-safe.
|
||||||
- make ip-transparent option work on OpenBSD.
|
- make ip-transparent option work on OpenBSD.
|
||||||
|
|
|
||||||
|
|
@ -645,7 +645,7 @@ listen_sslctx_setup(void* ctxt)
|
||||||
#endif
|
#endif
|
||||||
#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
|
#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
|
||||||
/* if we have sha256, set the cipher list to have no known vulns */
|
/* if we have sha256, set the cipher list to have no known vulns */
|
||||||
if(!SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
|
if(!SSL_CTX_set_cipher_list(ctx, "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
|
||||||
log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
|
log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue