diff options
author | Rick Macklem <rmacklem@FreeBSD.org> | 2022-05-22 20:44:31 +0000 |
---|---|---|
committer | Rick Macklem <rmacklem@FreeBSD.org> | 2022-05-22 20:44:31 +0000 |
commit | 8d098deda3786b223e44ad1bed923a6d66dfa341 (patch) | |
tree | 01f6ec4c46f34564a618ebfce8246cf6a69603c5 /usr.sbin/rpc.tlsservd | |
parent | b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c (diff) | |
download | src-8d098deda3786b223e44ad1bed923a6d66dfa341.tar.gz src-8d098deda3786b223e44ad1bed923a6d66dfa341.zip |
rpc.tlsservd: Modify the -C option to use SSL_CTX_set_ciphersuites
Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
This patch replaces SSL_CTX_set_cipher_list() with
SSL_CTX_set_ciphersuites(), since that is the function
that is used for TLS1.3.
The man page has already been updated.
MFC after: 2 weeks
Diffstat (limited to 'usr.sbin/rpc.tlsservd')
-rw-r--r-- | usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index bbcdba319353..be81b1bab1fc 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -237,6 +237,7 @@ main(int argc, char **argv) break; default: fprintf(stderr, "usage: %s " + "[-C/--ciphers available_ciphers] " "[-D/--certdir certdir] [-d/--debuglevel] " "[-h/--checkhost] " "[-l/--verifylocs CAfile] [-m/--mutualverf] " @@ -570,14 +571,14 @@ rpctls_setup_ssl(const char *certdir) if (rpctls_ciphers != NULL) { /* - * Set preferred ciphers, since KERN_TLS only supports a + * Set available ciphers, since KERN_TLS only supports a * few of them. Normally, not doing this should be ok, * since the library defaults will work. */ - ret = SSL_CTX_set_cipher_list(ctx, rpctls_ciphers); + ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers); if (ret == 0) { rpctls_verbose_out("rpctls_setup_ssl: " - "SSL_CTX_set_cipher_list failed: %s\n", + "SSL_CTX_set_ciphersuites failed: %s\n", rpctls_ciphers); SSL_CTX_free(ctx); return (NULL); |