nixpkgs/pkgs/tools/networking/socat/enable-ecdhe.patch
Andrey Arapov 7a7e59d2a9 socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack
socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack
(CVE Id pending), improves SSL client security, and provides a couple of bug and
porting fixes.

Among new features, socat now enables OpenSSL server side use of ECDHE ciphers,
providing PFS (Perfect Forward Secrecy)

http://www.dest-unreach.org/socat/doc/CHANGES
2015-01-25 13:48:11 +01:00

19 lines
536 B
Diff

--- socat-1.7.3.0/xio-openssl.c 2015-01-24 15:33:42.000000000 +0100
+++ socat-1.7.3.0-ecdhe/xio-openssl.c 2015-01-25 13:38:54.353641097 +0100
@@ -960,7 +960,6 @@
}
}
-#if defined(EC_KEY) /* not on Openindiana 5.11 */
{
/* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */
int nid;
@@ -982,7 +981,6 @@
SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
}
-#endif /* !defined(EC_KEY) */
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
if (opt_compress) {