upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #1259: "--disable-ecdsa" argument overwritten

Browse source 
by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".


git-svn-id: file:///svn/unbound/trunk@4137 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2017-05-01 07:34:48 +00:00
parent cb253fafe7
commit 7940e854e6
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/remote.c
View file

@ -260,7 +260,7 @@ daemon_remote_create(struct config_file* cfg)
return NULL;
}
#endif
#ifdef SHA256_DIGEST_LENGTH
#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
/* if we have sha256, set the cipher list to have no known vulns */
if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list");

4
doc/Changelog
View file

@ -1,3 +1,7 @@
1 May 2017: Wouter
- Fix #1259: "--disable-ecdsa" argument overwritten
by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
26 April 2017: Ralph
- Implemented trust anchor signaling using key tag query.