Bug 194400

Summary: [PATCH] security/libressl 2.1.0 does not support EC ciphers in Apache24 and nginx
Product: Ports & Packages Reporter: Bernard Spil <brnrd>
Component: Individual Port(s)Assignee: Vsevolod Stakhov <vsevolod>
Status: Closed FIXED    
Severity: Affects Many People Flags: brnrd: maintainer-feedback? (vsevolod)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
ssl/t1_lib.c patch for files directory none

Description Bernard Spil freebsd_committer freebsd_triage 2014-10-16 08:39:56 UTC 
Created attachment 148366 [details]
ssl/t1_lib.c patch for files directory

LibreSSL 2.1.0 removes elliptic curve ciphers in at least Apache 2.4 and nginx
This has been reported on libressl-portable in GitHub
https://github.com/libressl-portable/portable/issues/35
and has been fixed by OpenBSD 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/t1_lib.c

This patch is the diff between the 2.1.0 tarball and this version 1.64 of t1_lib.c

Tested on amd64 and verified that the ECDHE ciphers are available in Apache 2.4 from ports
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2014-10-16 08:39:56 UTC 
Auto-assigned to maintainer vsevolod@FreeBSD.org
Comment 2 Vsevolod Stakhov freebsd_committer freebsd_triage 2014-10-17 12:31:00 UTC 
It is no longer needed with the recent 2.1.1 release. But thanks for the report anyway!