Created November 22, 2018 11:11
Overwrite default set of TLSv1.3 ciphersuites
--- include/openssl/ssl.h.orig 2018-11-20 22:35:40.000000000 +0900 | |
+++ include/openssl/ssl.h 2018-11-22 19:52:15.000000000 +0900 | |
@@ -173,12 +173,12 @@ | |
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" | |
/* This is the default set of TLSv1.3 ciphersuites */ | |
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | |
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ | |
- "TLS_CHACHA20_POLY1305_SHA256:" \ | |
- "TLS_AES_128_GCM_SHA256" | |
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \ | |
+ "TLS_AES_256_GCM_SHA384:" \ | |
+ "TLS_CHACHA20_POLY1305_SHA256" | |
# else | |
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ | |
- "TLS_AES_128_GCM_SHA256" | |
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \ | |
+ "TLS_AES_256_GCM_SHA384" | |
#endif | |
/* | |
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always |
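Review bot: The comment above the `# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)` block still says only "This is the default set of TLSv1.3 ciphersuites" and gives no reason why TLS_AES_128_GCM_SHA256 now comes before TLS_AES_256_GCM_SHA384 in both branches, or why TLS_CHACHA20_POLY1305_SHA256 drops from second to last in the first branch. Add a line to that comment stating the rationale and that the order is a deliberate local deviation, so it is not mistaken for an accident when the patch is rebased. Because this edits include/openssl/ssl.h, the patch has to be re-applied on every OpenSSL update; the same preference order can be set without touching the header, through SSL_CTX_set_ciphersuites() in the application or a Ciphersuites setting in openssl.cnf.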
Hi @kteru and thank you!
But how do I build OpenSSL from source code using this openssl.cnf?
I build OpenSSL with:
./config --prefix=/opt/ssl --openssldir=/opt/ssl
@iz8mbw
Hi,
Yes, it is also compatible with 1.1.1h.
But it may be better to set the order in your openssl.cnf, e.g.