194400 – [PATCH] security/libressl 2.1.0 does not support EC ciphers in Apache24 and nginx

Bug 194400 - [PATCH] security/libressl 2.1.0 does not support EC ciphers in Apache24 and nginx

Summary: [PATCH] security/libressl 2.1.0 does not support EC ciphers in Apache24 and n...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Vsevolod Stakhov

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-10-16 08:39 UTC by Bernard Spil
Modified:	2014-10-17 12:31 UTC (History)
CC List:	0 users

See Also:

Flags:	brnrd: maintainer-feedback? (vsevolod)

Attachments
ssl/t1_lib.c patch for files directory (862 bytes, patch) 2014-10-16 08:39 UTC, Bernard Spil	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernard Spil freebsd_committer

2014-10-16 08:39:56 UTC

Created attachment 148366 [details]
ssl/t1_lib.c patch for files directory

LibreSSL 2.1.0 removes elliptic curve ciphers in at least Apache 2.4 and nginx
This has been reported on libressl-portable in GitHub
https://github.com/libressl-portable/portable/issues/35
and has been fixed by OpenBSD 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/t1_lib.c

This patch is the diff between the 2.1.0 tarball and this version 1.64 of t1_lib.c

Tested on amd64 and verified that the ECDHE ciphers are available in Apache 2.4 from ports

Comment 1 Bugzilla Automation freebsd_committer

2014-10-16 08:39:56 UTC

Auto-assigned to maintainer vsevolod@FreeBSD.org

Comment 2 Vsevolod Stakhov freebsd_committer

2014-10-17 12:31:00 UTC

It is no longer needed with the recent 2.1.1 release. But thanks for the report anyway!