|
|
|
@ -681,3 +681,16 @@ diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecpara
|
|
|
|
|
if (comment == NULL)
|
|
|
|
|
comment = "CURVE DESCRIPTION NOT AVAILABLE";
|
|
|
|
|
if (sname == NULL)
|
|
|
|
|
diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c
|
|
|
|
|
--- openssl-3.0.1/ssl/ssl_ciph.c.nokrsa 2022-05-19 13:32:32.536708638 +0200
|
|
|
|
|
+++ openssl-3.0.1/ssl/ssl_ciph.c 2022-05-19 13:42:29.734002959 +0200
|
|
|
|
|
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
|
|
|
|
|
ctx->disabled_mkey_mask = 0;
|
|
|
|
|
ctx->disabled_auth_mask = 0;
|
|
|
|
|
|
|
|
|
|
+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
|
|
|
|
|
+ ctx->disabled_mkey_mask |= SSL_kRSA;
|
|
|
|
|
+
|
|
|
|
|
/*
|
|
|
|
|
* We ignore any errors from the fetches below. They are expected to fail
|
|
|
|
|
* if theose algorithms are not available.
|
|
|
|
|