From b9cf79fd3d61a7586fe6b24b3141e406cdf334eb Mon Sep 17 00:00:00 2001
From: Jim Broadus <jbroadus@xevo.com>
Date: Wed, 2 Jan 2019 17:37:40 -0800
Subject: [PATCH] Fix anonymous SSL. In version 1.1.0, openssl introduced a
security level concept. Only level 0 allows the use of unauthenticated cipher
suites such as ADH.
---
src/sslhelper.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/sslhelper.c b/src/sslhelper.c
index 1a3e7474..04c2e273 100644
--- a/src/sslhelper.c
+++ b/src/sslhelper.c
@@ -1596,6 +1596,10 @@ static int switch_to_anon_dh(void) {
if (ssl_client_mode) {
return 1;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* Security level must be set to 0 for unauthenticated suites. */
+ SSL_CTX_set_security_level(ctx, 0);
+#endif
if (!SSL_CTX_set_cipher_list(ctx, "ADH:@STRENGTH")) {
return 0;
}
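Review bot: `SSL_CTX_set_security_level(ctx, 0)` lowers the level for the whole context, and level 0 lifts every security-level restriction (key and DH parameter size floors, weak algorithms), not only the ban on unauthenticated suites. `ctx` is not a parameter of `switch_to_anon_dh`, so it appears to be a shared context, and the lowered level would then persist for every connection created from it afterwards. The comment should state that, e.g. `/* Level 0 is required for ADH; it also removes the key-size and algorithm floors for all connections on ctx, and ADH gives no peer authentication. */`. Separately, the guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` is also true under LibreSSL, which may not provide this function, so `&& !defined(LIBRESSL_VERSION_NUMBER)` may be needed if LibreSSL builds are supported. The function body starts and ends outside the hunk.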