rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites

Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS version 1.3 for NFS-over-TLS, as required by the draft (someday to be an RFC). This patch replaces SSL_CTX_set_cipher_list() with SSL_CTX_set_ciphersuites(), since that is the function that is used for TLS1.3. The man page will be updated in a separate commit. MFC after: 2 weeks
2024-07-23 19:28:36 +00:00 · 2022-05-22 13:49:08 -07:00 · 2022-05-22 13:49:08 -07:00 · f5b40aa0de
parent 8d098deda3
commit f5b40aa0de
1 changed files with 4 additions and 4 deletions
--- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
+++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
@ -188,7 +188,7 @@ main(int argc, char **argv)
 			break;
 		default:
 			fprintf(stderr, "usage: %s "
-			    "[-C/--ciphers preferred_ciphers] "
+			    "[-C/--ciphers available_ciphers] "
 			    "[-D/--certdir certdir] [-d/--debuglevel] "
 			    "[-l/--verifylocs CAfile] [-m/--mutualverf] "
 			    "[-p/--verifydir CApath] [-r/--crl CRLfile] "
@ -486,13 +486,13 @@ rpctls_setupcl_ssl(void)

 	if (rpctls_ciphers != NULL) {
 		/*
-		 * Set preferred ciphers, since KERN_TLS only supports a
+		 * Set available ciphers, since KERN_TLS only supports a
 		 * few of them.
 		 */
-		ret = SSL_CTX_set_cipher_list(ctx, rpctls_ciphers);
+		ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers);
 		if (ret == 0) {
 			rpctls_verbose_out("rpctls_setupcl_ssl: "
-			    "SSL_CTX_set_cipher_list failed: %s\n",
+			    "SSL_CTX_set_ciphersuites failed: %s\n",
 			    rpctls_ciphers);
 			SSL_CTX_free(ctx);
 			return (NULL);