mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-07 09:00:28 +00:00
rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites
Commit0b4f2ab0e9
fixes the krpc so that it can use TLS version 1.3 for NFS-over-TLS, as required by the draft (someday to be an RFC). This patch replaces SSL_CTX_set_cipher_list() with SSL_CTX_set_ciphersuites(), since that is the function that is used for TLS1.3. The man page will be updated in a separate commit. (cherry picked from commitf5b40aa0de
)
This commit is contained in:
parent
e080b609a8
commit
927f75933b
|
@ -188,7 +188,7 @@ main(int argc, char **argv)
|
|||
break;
|
||||
default:
|
||||
fprintf(stderr, "usage: %s "
|
||||
"[-C/--ciphers preferred_ciphers] "
|
||||
"[-C/--ciphers available_ciphers] "
|
||||
"[-D/--certdir certdir] [-d/--debuglevel] "
|
||||
"[-l/--verifylocs CAfile] [-m/--mutualverf] "
|
||||
"[-p/--verifydir CApath] [-r/--crl CRLfile] "
|
||||
|
@ -486,13 +486,13 @@ rpctls_setupcl_ssl(void)
|
|||
|
||||
if (rpctls_ciphers != NULL) {
|
||||
/*
|
||||
* Set preferred ciphers, since KERN_TLS only supports a
|
||||
* Set available ciphers, since KERN_TLS only supports a
|
||||
* few of them.
|
||||
*/
|
||||
ret = SSL_CTX_set_cipher_list(ctx, rpctls_ciphers);
|
||||
ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers);
|
||||
if (ret == 0) {
|
||||
rpctls_verbose_out("rpctls_setupcl_ssl: "
|
||||
"SSL_CTX_set_cipher_list failed: %s\n",
|
||||
"SSL_CTX_set_ciphersuites failed: %s\n",
|
||||
rpctls_ciphers);
|
||||
SSL_CTX_free(ctx);
|
||||
return (NULL);
|
||||
|
|
Loading…
Reference in a new issue