[ocserv] Comply with system-wide crypto policies
Nikos Mavrogiannopoulos
nmav at fedoraproject.org
Tue Jan 6 15:48:05 UTC 2015
commit a7f82c575368a44e9aaa01a9e24d89c966935f82
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Tue Jan 6 16:38:41 2015 +0100
Comply with system-wide crypto policies
Resolves: rhbz#1179332
ocserv.conf | 3 ++-
ocserv.spec | 5 ++++-
2 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/ocserv.conf b/ocserv.conf
index b754103..04e5b0e 100644
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -131,7 +131,8 @@ ca-cert = /etc/pki/ocserv/cacerts/ca.crt
#crl = /path/to/crl.pem
# GnuTLS priority string
-tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
+#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
+tls-priorities = "@SYSTEM"
# To enforce perfect forward secrecy (PFS) on the main channel.
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
diff --git a/ocserv.spec b/ocserv.spec
index 2e3431f..e428c08 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -1,6 +1,6 @@
Name: ocserv
Version: 0.8.9
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING
@@ -146,6 +146,9 @@ rm -rf %{buildroot}
%{_localstatedir}/lib/ocserv/profile.xml
%changelog
+* Tue Jan 6 2015 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.8.9-3
+- Comply with system-wide crypto policies (#1179332)
+
* Mon Jan 5 2015 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.8.9-2
- ocserv.service: depend on network-online.target (#1178760)
- enable seccomp (on platforms it is available)
More information about the scm-commits
mailing list