@travispaul
Created December 8, 2015 02:24
Index: ssl-bozo.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/ssl-bozo.c,v
retrieving revision 1.18
diff -u -r1.18 ssl-bozo.c
--- ssl-bozo.c 17 Jul 2014 06:27:52 -0000 1.18
+++ ssl-bozo.c 8 Dec 2015 02:16:13 -0000
@@ -48,6 +48,10 @@
#define USE_ARG(x) /*LINTED*/(void)&(x)
#endif
+#ifndef BOZO_SSL_CIPHERS
+#define BOZO_SSL_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
+#endif
+
/* this structure encapsulates the ssl info */
typedef struct sslinfo_t {
SSL_CTX *ssl_context;
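Review bot: The default list on the `#define BOZO_SSL_CIPHERS` line is compatibility-oriented rather than strict — it still admits static-RSA key exchange (`AES128-SHA`, `AES256-SHA`, …, no forward secrecy) and 3DES (`DES-CBC3-SHA`), and the bare `AES:CAMELLIA` aliases pull in additional AES/Camellia suites the linked OpenSSL offers beyond the ones named. A comment above the `#ifndef` guard should state that this trade-off is intentional and that a stricter list can be supplied at build time with `-DBOZO_SSL_CIPHERS="..."`. Splitting the single long literal into adjacent string literals, one per group (ECDHE, DHE, static RSA, exclusions), would make the list reviewable in future diffs.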
@@ -196,6 +200,12 @@
sslinfo->ssl_method = SSLv23_server_method();
sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method);
+ SSL_CTX_set_options(sslinfo->ssl_context, SSL_OP_NO_SSLv3);
+
+ if (!SSL_CTX_set_cipher_list(sslinfo->ssl_context, BOZO_SSL_CIPHERS))
+ bozo_ssl_err(httpd, EXIT_FAILURE,
+ "error setting cipher lis");
+
if (NULL == sslinfo->ssl_context)
bozo_ssl_err(httpd, EXIT_FAILURE,
"SSL context creation failed");
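Review bot: The two added statements dereference `sslinfo->ssl_context` before the `if (NULL == sslinfo->ssl_context)` check that follows them, so a failed `SSL_CTX_new()` now crashes inside `SSL_CTX_set_options()` instead of reaching the "SSL context creation failed" error path; move both the `SSL_CTX_set_options()` call and the `SSL_CTX_set_cipher_list()` block below that check. The message on the second `bozo_ssl_err()` call is truncated and should read `"error setting cipher list"`. Since `SSLv23_server_method()` negotiates whatever protocols the library was built with, consider also passing `SSL_OP_NO_SSLv2` in the same `SSL_CTX_set_options()` call unless the build is known to exclude SSLv2. The enclosing function starts and ends outside the hunk.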