Hello community, here is the log from the commit of package openssl-1_1_0 for openSUSE:Factory checked in at 2017-09-04 12:34:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1_0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1_0" Mon Sep 4 12:34:23 2017 rev:6 rq:520158 version:1.1.0f Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_1_0/openssl-1_1_0.changes 2017-08-16 16:19:05.364108722 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_1_0.new/openssl-1_1_0.changes 2017-09-04 12:34:37.157882069 +0200 @@ -1,0 +2,9 @@ +Fri Sep 1 11:33:46 UTC 2017 - [email protected] + +- update DEFAULT_SUSE cipher list (bsc#1055825) + * add CHACHA20-POLY1305 + * add ECDSA ciphers + * remove 3DES +- modified openssl-1.0.1e-add-suse-default-cipher.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++ --- /var/tmp/diff_new_pack.yF664M/_old 2017-09-04 12:34:38.741659383 +0200 +++ /var/tmp/diff_new_pack.yF664M/_new 2017-09-04 12:34:38.741659383 +0200 @@ -1,8 +1,8 @@ -Index: openssl-1.1.0c/ssl/ssl_ciph.c +Index: openssl-1.1.0f/ssl/ssl_ciph.c =================================================================== ---- openssl-1.1.0c.orig/ssl/ssl_ciph.c 2016-12-08 16:13:39.990850602 +0100 -+++ openssl-1.1.0c/ssl/ssl_ciph.c 2016-12-08 16:13:40.022851089 +0100 -@@ -1468,7 +1468,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +--- openssl-1.1.0f.orig/ssl/ssl_ciph.c 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-09-01 11:54:09.848587297 +0200 +@@ -1461,7 +1461,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; rule_p = rule_str; @@ -18,17 +18,19 @@ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, ca_list, c); rule_p += 7; -Index: openssl-1.1.0c/include/openssl/ssl.h +Index: openssl-1.1.0f/include/openssl/ssl.h =================================================================== ---- openssl-1.1.0c.orig/include/openssl/ssl.h 2016-11-10 15:03:46.000000000 +0100 -+++ openssl-1.1.0c/include/openssl/ssl.h 2016-12-08 16:13:40.022851089 +0100 -@@ -195,6 +195,9 @@ extern "C" { +--- openssl-1.1.0f.orig/include/openssl/ssl.h 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/ssl.h 2017-09-01 13:16:59.850407734 +0200 +@@ -195,6 +195,11 @@ extern "C" { * an application-defined cipher list string starts with 'DEFAULT'. */ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" -+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ -+ "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ -+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA" ++# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\ ++ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\ ++ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ ++ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ ++ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is
