git: 2c59ffb05729 - stable/13 - rpc.tlsservd: Modify the -C option to use SSL_CTX_set_ciphersuites
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 05 Jun 2022 00:46:49 UTC
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=2c59ffb05729332e9b64545dd8a21e1c3bd0e690 commit 2c59ffb05729332e9b64545dd8a21e1c3bd0e690 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2022-05-22 20:44:31 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2022-06-05 00:45:31 +0000 rpc.tlsservd: Modify the -C option to use SSL_CTX_set_ciphersuites Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS version 1.3 for NFS-over-TLS, as required by the draft (someday to be an RFC). This patch replaces SSL_CTX_set_cipher_list() with SSL_CTX_set_ciphersuites(), since that is the function that is used for TLS1.3. (cherry picked from commit 8d098deda3786b223e44ad1bed923a6d66dfa341) --- usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index 96f3c06a5c2e..206a1f4fd3bd 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -238,6 +238,7 @@ main(int argc, char **argv) break; default: fprintf(stderr, "usage: %s " + "[-C/--ciphers available_ciphers] " "[-D/--certdir certdir] [-d/--debuglevel] " "[-h/--checkhost] " "[-l/--verifylocs CAfile] [-m/--mutualverf] " @@ -571,14 +572,14 @@ rpctls_setup_ssl(const char *certdir) if (rpctls_ciphers != NULL) { /* - * Set preferred ciphers, since KERN_TLS only supports a + * Set available ciphers, since KERN_TLS only supports a * few of them. Normally, not doing this should be ok, * since the library defaults will work. */ - ret = SSL_CTX_set_cipher_list(ctx, rpctls_ciphers); + ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); if (ret == 0) { rpctls_verbose_out("rpctls_setup_ssl: " - "SSL_CTX_set_cipher_list failed: %s\n", + "SSL_CTX_set_ciphersuites failed: %s\n", rpctls_ciphers); SSL_CTX_free(ctx); return (NULL);