Bug 194400 - [PATCH] security/libressl 2.1.0 does not support EC ciphers in Apache24 and nginx
Summary: [PATCH] security/libressl 2.1.0 does not support EC ciphers in Apache24 and n...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Vsevolod Stakhov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-16 08:39 UTC by Bernard Spil
Modified: 2014-10-17 12:31 UTC (History)
0 users

See Also:
brnrd: maintainer-feedback? (vsevolod)


Attachments
ssl/t1_lib.c patch for files directory (862 bytes, patch)
2014-10-16 08:39 UTC, Bernard Spil
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2014-10-16 08:39:56 UTC
Created attachment 148366 [details]
ssl/t1_lib.c patch for files directory

LibreSSL 2.1.0 removes elliptic curve ciphers in at least Apache 2.4 and nginx
This has been reported on libressl-portable in GitHub
https://github.com/libressl-portable/portable/issues/35
and has been fixed by OpenBSD 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/t1_lib.c

This patch is the diff between the 2.1.0 tarball and this version 1.64 of t1_lib.c

Tested on amd64 and verified that the ECDHE ciphers are available in Apache 2.4 from ports
Comment 1 Bugzilla Automation freebsd_committer 2014-10-16 08:39:56 UTC
Auto-assigned to maintainer vsevolod@FreeBSD.org
Comment 2 Vsevolod Stakhov freebsd_committer 2014-10-17 12:31:00 UTC
It is no longer needed with the recent 2.1.1 release. But thanks for the report anyway!