git: 927f75933b20 - stable/13 - rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 05 Jun 2022 00:57:44 UTC
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=927f75933b20e353bc69109caef39984faeae5a8 commit 927f75933b20e353bc69109caef39984faeae5a8 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2022-05-22 20:49:08 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2022-06-05 00:56:51 +0000 rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS version 1.3 for NFS-over-TLS, as required by the draft (someday to be an RFC). This patch replaces SSL_CTX_set_cipher_list() with SSL_CTX_set_ciphersuites(), since that is the function that is used for TLS1.3. The man page will be updated in a separate commit. (cherry picked from commit f5b40aa0dea690314bc70f88634a13cbaa53b6f0) --- usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c index f650c42c539d..0c2549578f2d 100644 --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c @@ -188,7 +188,7 @@ main(int argc, char **argv) break; default: fprintf(stderr, "usage: %s " - "[-C/--ciphers preferred_ciphers] " + "[-C/--ciphers available_ciphers] " "[-D/--certdir certdir] [-d/--debuglevel] " "[-l/--verifylocs CAfile] [-m/--mutualverf] " "[-p/--verifydir CApath] [-r/--crl CRLfile] " @@ -486,13 +486,13 @@ rpctls_setupcl_ssl(void) if (rpctls_ciphers != NULL) { /* - * Set preferred ciphers, since KERN_TLS only supports a + * Set available ciphers, since KERN_TLS only supports a * few of them. */ - ret = SSL_CTX_set_cipher_list(ctx, rpctls_ciphers); + ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); if (ret == 0) { rpctls_verbose_out("rpctls_setupcl_ssl: " - "SSL_CTX_set_cipher_list failed: %s\n", + "SSL_CTX_set_ciphersuites failed: %s\n", rpctls_ciphers); SSL_CTX_free(ctx); return (NULL);