OpenSSL: Update to 3.1.0

In a future Core Update, the following remnants of OpenSSL 1.1.1 need to be removed: /usr/lib/engines-1.1/afalg.so /usr/lib/engines-1.1/capi.so /usr/lib/engines-1.1/padlock.so /usr/lib/libcrypto.so.1.1 /usr/lib/libssl.so.1.1 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2026-05-10 17:28:26 +02:00 · 2023-04-24 18:09:50 +00:00
parent 3274424ad9
commit 489e0494dc
3 changed files with 5855 additions and 7464 deletions
--- a/src/patches/openssl-1.1.1d-default-cipherlist.patch
+++ b/src/patches/openssl-1.1.1d-default-cipherlist.patch
@@ -1,11 +0,0 @@
--- openssl-1.1.1d.orig/include/openssl/ssl.h	2019-11-04 19:13:08.801905796 +0100
-+++ openssl-1.1.1d/include/openssl/ssl.h	2019-11-04 19:14:05.229896747 +0100
-@@ -170,7 +170,7 @@
-  * an application-defined cipher list string starts with 'DEFAULT'.
-  * This applies to ciphersuites for TLSv1.2 and below.
-  */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
-+# define SSL_DEFAULT_CIPHER_LIST "HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:!kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
- /* This is the default set of TLSv1.3 ciphersuites */
- # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \