Set the TLS ciphers to "compat" mode, restoring the previous behaviour.

author: jsing <jsing@openbsd.org> 2015-02-22 14:55:40 +0000
committer: jsing <jsing@openbsd.org> 2015-02-22 14:55:40 +0000
commit: c7dffc0b36ed0d33661b476790058b3a171f77cc (patch)
tree: 2444e314f0347768eed23ce29c433956c0772762 /usr.sbin/ntpd/constraint.c
parent: In the interests of being secure by default, make the default TLS ciphers (diff)
download: wireguard-openbsd-c7dffc0b36ed0d33661b476790058b3a171f77cc.tar.xz
wireguard-openbsd-c7dffc0b36ed0d33661b476790058b3a171f77cc.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c
index 8e0b2974f21..c9c923e0d41 100644
--- a/usr.sbin/ntpd/constraint.c
+++ b/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: constraint.c,v 1.4 2015/02/12 01:54:57 reyk Exp $	*/
+/*	$OpenBSD: constraint.c,v 1.5 2015/02/22 14:55:41 jsing Exp $	*/
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -595,6 +595,9 @@ httpsdate_init(const char *hname, const char *port, const char *name,
 	if ((httpsdate->tls_config = tls_config_new()) == NULL)
 		goto fail;
 
+	if (tls_config_set_ciphers(httpsdate->tls_config, "compat") != 0)
+		goto fail;
+
 	/* XXX we have to pre-resolve, so name and host are not equal */
 	tls_config_insecure_noverifyhost(httpsdate->tls_config);
author	jsing <jsing@openbsd.org>	2015-02-22 14:55:40 +0000
committer	jsing <jsing@openbsd.org>	2015-02-22 14:55:40 +0000
commit	c7dffc0b36ed0d33661b476790058b3a171f77cc (patch)
tree	2444e314f0347768eed23ce29c433956c0772762 /usr.sbin/ntpd/constraint.c
parent	In the interests of being secure by default, make the default TLS ciphers (diff)
download	wireguard-openbsd-c7dffc0b36ed0d33661b476790058b3a171f77cc.tar.xz wireguard-openbsd-c7dffc0b36ed0d33661b476790058b3a171f77cc.zip