Browse Source

Set the TLS ciphers to "compat" mode, restoring the previous behaviour.

OPENBSD_5_7
jsing 9 years ago
parent
commit
a2efc33261
1 changed files with 4 additions and 1 deletions
  1. +4
    -1
      src/usr.sbin/ntpd/constraint.c

+ 4
- 1
src/usr.sbin/ntpd/constraint.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraint.c,v 1.4 2015/02/12 01:54:57 reyk Exp $ */
/* $OpenBSD: constraint.c,v 1.5 2015/02/22 14:55:41 jsing Exp $ */
/* /*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -595,6 +595,9 @@ httpsdate_init(const char *hname, const char *port, const char *name,
if ((httpsdate->tls_config = tls_config_new()) == NULL) if ((httpsdate->tls_config = tls_config_new()) == NULL)
goto fail; goto fail;
if (tls_config_set_ciphers(httpsdate->tls_config, "compat") != 0)
goto fail;
/* XXX we have to pre-resolve, so name and host are not equal */ /* XXX we have to pre-resolve, so name and host are not equal */
tls_config_insecure_noverifyhost(httpsdate->tls_config); tls_config_insecure_noverifyhost(httpsdate->tls_config);


Loading…
Cancel
Save