MSVSphere Packaging Team
3 months ago
parent
d7a98e35db
commit
f8c453f68b
GPG Key ID:
B2B0B9F29E528FE8
@ -1,4 +1,4 @@
|
||||
SOURCES/gmp-6.2.1.tar.xz
|
||||
SOURCES/gnutls-3.8.7.1.tar.xz
|
||||
SOURCES/gnutls-3.8.7.1.tar.xz.sig
|
||||
SOURCES/gnutls-3.8.8.tar.xz
|
||||
SOURCES/gnutls-3.8.8.tar.xz.sig
|
||||
SOURCES/nettle-3.10-hobbled.tar.xz
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz
|
||||
d66729d963c7a5fb170e4b3afeb63702a9ccd265 SOURCES/gnutls-3.8.7.1.tar.xz
|
||||
d4c1e07e58e09279687542c10d4463c62d12e3ce SOURCES/gnutls-3.8.7.1.tar.xz.sig
|
||||
facf87b8e4ae9234f34753b4ee6cd3e66078f0bf SOURCES/gnutls-3.8.8.tar.xz
|
||||
a497806fde5e59bae4d663db6bd52e1c0916b418 SOURCES/gnutls-3.8.8.tar.xz.sig
|
||||
762cc3c0a8cf735353927607a147d7bb802b5aad SOURCES/nettle-3.10-hobbled.tar.xz
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From 18c555b4d2461ad202996398609552b9c4ecd43b Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Wed, 22 Nov 2023 15:21:49 +0900
|
||||
Subject: [PATCH] gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
||||
|
||||
Signed-off-by: rpm-build <rpm-build>
|
||||
---
|
||||
tests/gnutls_ktls.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
|
||||
index ccbe566..049c888 100644
|
||||
--- a/tests/gnutls_ktls.c
|
||||
+++ b/tests/gnutls_ktls.c
|
||||
@@ -347,7 +347,6 @@ void doit(void)
|
||||
{
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
|
||||
- run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305");
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,165 +0,0 @@
|
||||
From 558cf23853f6ad0537daff4613d316265857b7fd Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Wed, 21 Aug 2024 14:50:54 +0900
|
||||
Subject: [PATCH] fips: skip HMAC checks of nettle libraries when statically
|
||||
linked
|
||||
|
||||
Since commit b6e9b10347ed577a9a37b7b28e1a039c5f6ccb16, it is possible
|
||||
to link Nettle libraries statically. In that case, FIPS integrity
|
||||
checks against the Nettle shared libraries should be skipped as they
|
||||
are not used by GnuTLS.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
lib/fips.c | 32 ++++++++++++++++++++++++--------
|
||||
lib/fipshmac.c | 12 ++++--------
|
||||
2 files changed, 28 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/lib/fips.c b/lib/fips.c
|
||||
index e5fce6b1b9..dc86a44354 100644
|
||||
--- a/lib/fips.c
|
||||
+++ b/lib/fips.c
|
||||
@@ -157,14 +157,6 @@ void _gnutls_fips_mode_reset_zombie(void)
|
||||
#define GNUTLS_LIBRARY_SONAME "none"
|
||||
#endif
|
||||
|
||||
-#ifndef NETTLE_LIBRARY_SONAME
|
||||
-#define NETTLE_LIBRARY_SONAME "none"
|
||||
-#endif
|
||||
-
|
||||
-#ifndef HOGWEED_LIBRARY_SONAME
|
||||
-#define HOGWEED_LIBRARY_SONAME "none"
|
||||
-#endif
|
||||
-
|
||||
#define HMAC_SIZE 32
|
||||
#define HMAC_ALGO GNUTLS_MAC_SHA256
|
||||
#define HMAC_FORMAT_VERSION 1
|
||||
@@ -177,8 +169,12 @@ struct hmac_entry {
|
||||
struct hmac_file {
|
||||
int version;
|
||||
struct hmac_entry gnutls;
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
struct hmac_entry nettle;
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
struct hmac_entry hogweed;
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
struct hmac_entry gmp;
|
||||
#endif
|
||||
@@ -186,8 +182,12 @@ struct hmac_file {
|
||||
|
||||
struct lib_paths {
|
||||
char gnutls[GNUTLS_PATH_MAX];
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
char nettle[GNUTLS_PATH_MAX];
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
char hogweed[GNUTLS_PATH_MAX];
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
char gmp[GNUTLS_PATH_MAX];
|
||||
#endif
|
||||
@@ -250,10 +250,14 @@ static int handler(void *user, const char *section, const char *name,
|
||||
}
|
||||
} else if (!strcmp(section, GNUTLS_LIBRARY_SONAME)) {
|
||||
return lib_handler(&p->gnutls, section, name, value);
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
} else if (!strcmp(section, NETTLE_LIBRARY_SONAME)) {
|
||||
return lib_handler(&p->nettle, section, name, value);
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
} else if (!strcmp(section, HOGWEED_LIBRARY_SONAME)) {
|
||||
return lib_handler(&p->hogweed, section, name, value);
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
} else if (!strcmp(section, GMP_LIBRARY_SONAME)) {
|
||||
return lib_handler(&p->gmp, section, name, value);
|
||||
@@ -403,10 +407,14 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
|
||||
|
||||
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
|
||||
_gnutls_str_cpy(paths->gnutls, GNUTLS_PATH_MAX, path);
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
else if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
|
||||
_gnutls_str_cpy(paths->nettle, GNUTLS_PATH_MAX, path);
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
else if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
|
||||
_gnutls_str_cpy(paths->hogweed, GNUTLS_PATH_MAX, path);
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
else if (!strcmp(soname, GMP_LIBRARY_SONAME))
|
||||
_gnutls_str_cpy(paths->gmp, GNUTLS_PATH_MAX, path);
|
||||
@@ -423,14 +431,18 @@ static int load_lib_paths(struct lib_paths *paths)
|
||||
_gnutls_debug_log("Gnutls library path was not found\n");
|
||||
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
|
||||
}
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
if (paths->nettle[0] == '\0') {
|
||||
_gnutls_debug_log("Nettle library path was not found\n");
|
||||
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
|
||||
}
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
if (paths->hogweed[0] == '\0') {
|
||||
_gnutls_debug_log("Hogweed library path was not found\n");
|
||||
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
|
||||
}
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
if (paths->gmp[0] == '\0') {
|
||||
_gnutls_debug_log("Gmp library path was not found\n");
|
||||
@@ -483,12 +495,16 @@ static int check_binary_integrity(void)
|
||||
ret = check_lib_hmac(&hmac.gnutls, paths.gnutls);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
ret = check_lib_hmac(&hmac.nettle, paths.nettle);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
ret = check_lib_hmac(&hmac.hogweed, paths.hogweed);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
ret = check_lib_hmac(&hmac.gmp, paths.gmp);
|
||||
if (ret < 0)
|
||||
diff --git a/lib/fipshmac.c b/lib/fipshmac.c
|
||||
index d3561b4c47..5c3202c561 100644
|
||||
--- a/lib/fipshmac.c
|
||||
+++ b/lib/fipshmac.c
|
||||
@@ -40,14 +40,6 @@
|
||||
#define GNUTLS_LIBRARY_SONAME "none"
|
||||
#endif
|
||||
|
||||
-#ifndef NETTLE_LIBRARY_SONAME
|
||||
-#define NETTLE_LIBRARY_SONAME "none"
|
||||
-#endif
|
||||
-
|
||||
-#ifndef HOGWEED_LIBRARY_SONAME
|
||||
-#define HOGWEED_LIBRARY_SONAME "none"
|
||||
-#endif
|
||||
-
|
||||
#define HMAC_SIZE 32
|
||||
#define HMAC_ALGO GNUTLS_MAC_SHA256
|
||||
#define HMAC_STR_SIZE (2 * HMAC_SIZE + 1)
|
||||
@@ -117,10 +109,14 @@ static int callback(struct dl_phdr_info *info, size_t size, void *data)
|
||||
|
||||
if (!strcmp(soname, GNUTLS_LIBRARY_SONAME))
|
||||
return print_lib(data ? data : path, soname);
|
||||
+#ifdef NETTLE_LIBRARY_SONAME
|
||||
if (!strcmp(soname, NETTLE_LIBRARY_SONAME))
|
||||
return print_lib(path, soname);
|
||||
+#endif
|
||||
+#ifdef HOGWEED_LIBRARY_SONAME
|
||||
if (!strcmp(soname, HOGWEED_LIBRARY_SONAME))
|
||||
return print_lib(path, soname);
|
||||
+#endif
|
||||
#ifdef GMP_LIBRARY_SONAME
|
||||
if (!strcmp(soname, GMP_LIBRARY_SONAME))
|
||||
return print_lib(path, soname);
|
||||
--
|
||||
2.46.0
|
||||
|
||||
@ -1,170 +0,0 @@
|
||||
From 292f96f26d7ce80e4a165c903c4fd569b85c1c1f Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 16 Aug 2024 09:42:15 +0900
|
||||
Subject: [PATCH 1/2] build: fix setting AM_CONDITIONAL for brotli and zstd
|
||||
|
||||
As the with_{libbrotli,libzsttd} variables are unset if configured
|
||||
with --without-{brotli,zstd}, check the unequality to "no" doesn't
|
||||
work; use explicit matching with "yes" instead.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
configure.ac | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 95ec4c1515..a476176800 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1158,7 +1158,7 @@ if test x$ac_brotli != xno; then
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
-AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" != "no" && test "$with_libbrotlidec" != "no")
|
||||
+AM_CONDITIONAL(HAVE_LIBBROTLI, test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes)
|
||||
|
||||
AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
|
||||
save_CFLAGS=$CFLAGS
|
||||
@@ -1203,7 +1203,7 @@ if test x$ac_zstd != xno; then
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
-AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" != "no")
|
||||
+AM_CONDITIONAL(HAVE_LIBZSTD, test "$with_libzstd" = yes)
|
||||
|
||||
AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
|
||||
save_CFLAGS=$CFLAGS
|
||||
--
|
||||
2.46.0
|
||||
|
||||
|
||||
From 546153198d2fb8fc4902f23de6254bb7988de534 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 16 Aug 2024 09:48:31 +0900
|
||||
Subject: [PATCH 2/2] build: don't emit Requires.private for dlopened libraries
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
configure.ac | 36 +++++++++++++++++++++---------------
|
||||
1 file changed, 21 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a476176800..f3e7a3aeae 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1100,11 +1100,6 @@ if test x$ac_zlib != xno; then
|
||||
PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
|
||||
if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
|
||||
PKG_CHECK_MODULES(ZLIB, [zlib])
|
||||
- if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
|
||||
- GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
|
||||
- else
|
||||
- GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
|
||||
- fi
|
||||
ac_zlib=yes
|
||||
else
|
||||
AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
|
||||
@@ -1134,6 +1129,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
|
||||
compress (0, 0, 0, 0);])])
|
||||
LIBS="$save_LIBS"
|
||||
CFLAGS="$save_CFLAGS"
|
||||
+],
|
||||
+ [test "$ZLIB_HAS_PKGCONFIG" = y && test "$ac_zlib" = yes], [
|
||||
+ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
|
||||
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
|
||||
+ else
|
||||
+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
|
||||
+ fi
|
||||
])
|
||||
|
||||
AC_ARG_WITH(brotli,
|
||||
@@ -1146,11 +1148,6 @@ if test x$ac_brotli != xno; then
|
||||
PKG_CHECK_MODULES(LIBBROTLIDEC, [libbrotlidec >= 1.0.0], [with_libbrotlidec=yes], [with_libbrotlidec=no])
|
||||
if test "${with_libbrotlienc}" = "yes" && test "${with_libbrotlidec}" = "yes"; then
|
||||
AC_DEFINE([HAVE_LIBBROTLI], 1, [Define if BROTLI compression is enabled.])
|
||||
- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
|
||||
- GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec"
|
||||
- else
|
||||
- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec"
|
||||
- fi
|
||||
need_ltlibdl=yes
|
||||
else
|
||||
AC_MSG_WARN(*** LIBBROTLI was not found. You will not be able to use BROTLI compression.)
|
||||
@@ -1180,6 +1177,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
|
||||
BrotliDecoderVersion();])])
|
||||
LIBS="$save_LIBS"
|
||||
CFLAGS="$save_CFLAGS"
|
||||
+],
|
||||
+ [test "$with_libbrotlienc" = yes && test "$with_libbrotlidec" = yes], [
|
||||
+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
|
||||
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libbrotlienc, libbrotlidec"
|
||||
+ else
|
||||
+ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libbrotlienc, libbrotlidec"
|
||||
+ fi
|
||||
])
|
||||
|
||||
AC_ARG_WITH(zstd,
|
||||
@@ -1191,11 +1195,6 @@ if test x$ac_zstd != xno; then
|
||||
PKG_CHECK_MODULES(LIBZSTD, [libzstd >= 1.3.0], [with_libzstd=yes], [with_libzstd=no])
|
||||
if test "${with_libzstd}" = "yes"; then
|
||||
AC_DEFINE([HAVE_LIBZSTD], 1, [Define if ZSTD compression is enabled.])
|
||||
- if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
|
||||
- GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
|
||||
- else
|
||||
- GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd"
|
||||
- fi
|
||||
need_ltlibdl=yes
|
||||
else
|
||||
AC_MSG_WARN(*** LIBZSTD was not found. You will not be able to use ZSTD compression.)
|
||||
@@ -1215,6 +1214,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
|
||||
ZSTD_versionNumber();])])
|
||||
LIBS="$save_LIBS"
|
||||
CFLAGS="$save_CFLAGS"
|
||||
+],
|
||||
+ [test "$with_libzstd" = yes], [
|
||||
+ if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
|
||||
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libzstd"
|
||||
+ else
|
||||
+ GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libzstd"
|
||||
+ fi
|
||||
])
|
||||
|
||||
AC_ARG_WITH(liboqs,
|
||||
--
|
||||
2.46.0
|
||||
|
||||
From 8d0ec0ccdfeaae0d56426169d4c7b490e3b07826 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Fri, 16 Aug 2024 13:35:47 +0900
|
||||
Subject: [PATCH] build: add liboqs in Requires.private in gnutls.pc if needed
|
||||
|
||||
When --with-liboqs is specified and liboqs cannot be dlopen'ed, it
|
||||
will be linked at build time. In that case gnutls.pc should indicate
|
||||
that through Requires.private.
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
configure.ac | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index f3e7a3aeae..93ba723323 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1256,6 +1256,13 @@ AS_IF([test "$ac_cv_dlopen_soname_works" = yes], [
|
||||
OQS_version ();])])
|
||||
LIBS="$save_LIBS"
|
||||
CFLAGS="$save_CFLAGS"
|
||||
+],
|
||||
+ [test "$have_liboqs" = yes], [
|
||||
+ if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
|
||||
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: liboqs"
|
||||
+ else
|
||||
+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, liboqs"
|
||||
+ fi
|
||||
])
|
||||
|
||||
AM_CONDITIONAL(NEED_LTLIBDL, test "$need_ltlibdl" = yes)
|
||||
--
|
||||
2.46.0
|
||||
|
||||
@ -0,0 +1,29 @@
|
||||
From a36b73a21e4b5b6e051b23192a645dea34c9d6af Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Tue, 5 Nov 2024 14:45:46 +0900
|
||||
Subject: [PATCH] tests: skip CHACHA20-POLY1305 in TLS 1.2 when KTLS is enabled
|
||||
|
||||
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||
---
|
||||
tests/gnutls_ktls.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
|
||||
index 90d3e9af91..d5ac4efecc 100644
|
||||
--- a/tests/gnutls_ktls.c
|
||||
+++ b/tests/gnutls_ktls.c
|
||||
@@ -347,9 +347,11 @@ void doit(void)
|
||||
{
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM");
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM");
|
||||
+#if 0
|
||||
if (!gnutls_fips140_mode_enabled()) {
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305");
|
||||
}
|
||||
+#endif
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM");
|
||||
run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM");
|
||||
if (!gnutls_fips140_mode_enabled()) {
|
||||
--
|
||||
2.47.0
|
||||
|
||||
Loading…
Reference in new issue