diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2014-06-23 13:50:49 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2014-06-23 13:52:22 +0000 |
commit | 11979bbe99261335a199ff6e223affc6ad2cc685 (patch) | |
tree | 47eec120eac78f90f01902bd05022c71f7e95fe6 | |
parent | Update debian/rules to bootstrap without libimlib2-dev (closes: #738208) (diff) | |
download | w3m-11979bbe99261335a199ff6e223affc6ad2cc685.tar.gz w3m-11979bbe99261335a199ff6e223affc6ad2cc685.zip |
New patch 330_Disable-weak-ciphers.patch (LP: #1325674)
-rw-r--r-- | debian/patches/330_Disable-weak-ciphers.patch | 16 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 17 insertions, 0 deletions
diff --git a/debian/patches/330_Disable-weak-ciphers.patch b/debian/patches/330_Disable-weak-ciphers.patch new file mode 100644 index 0000000..a243c61 --- /dev/null +++ b/debian/patches/330_Disable-weak-ciphers.patch @@ -0,0 +1,16 @@ +Subject: Disable ciphers that use keys smaller than 128 bits +From: Tatsuya Kinoshita <tats@debian.org> +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674 + +diff --git a/url.c b/url.c +index ed6062e..e6b51c8 100644 +--- a/url.c ++++ b/url.c +@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert) + SSL_load_error_strings(); + if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) + goto eend; ++ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!EXP"); + option = SSL_OP_ALL; + if (ssl_forbid_method) { + if (strchr(ssl_forbid_method, '2')) diff --git a/debian/patches/series b/debian/patches/series index d887f52..e7e1572 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -31,4 +31,5 @@ 300_manual-links.patch 310_doc-ascii.patch 320_imlib2-config.patch +330_Disable-weak-ciphers.patch 900_ChangeLog.patch |