From a2efc33261b4bcb2f91dbf71a7f785efc2b2e14a Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 22 Feb 2015 14:55:41 +0000
Subject: [PATCH] Set the TLS ciphers to "compat" mode, restoring the previous
 behaviour.

---
 src/usr.sbin/ntpd/constraint.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c
index 8e0b2974..c9c923e0 100644
--- a/src/usr.sbin/ntpd/constraint.c
+++ b/src/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: constraint.c,v 1.4 2015/02/12 01:54:57 reyk Exp $	*/
+/*	$OpenBSD: constraint.c,v 1.5 2015/02/22 14:55:41 jsing Exp $	*/
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -595,6 +595,9 @@ httpsdate_init(const char *hname, const char *port, const char *name,
 	if ((httpsdate->tls_config = tls_config_new()) == NULL)
 		goto fail;
 
+	if (tls_config_set_ciphers(httpsdate->tls_config, "compat") != 0)
+		goto fail;
+
 	/* XXX we have to pre-resolve, so name and host are not equal */
 	tls_config_insecure_noverifyhost(httpsdate->tls_config);