Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 5 Jun 2022 00:57:44 GMT
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 927f75933b20 - stable/13 - rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites
Message-ID:  <202206050057.2550viXH037004@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=927f75933b20e353bc69109caef39984faeae5a8

commit 927f75933b20e353bc69109caef39984faeae5a8
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2022-05-22 20:49:08 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2022-06-05 00:56:51 +0000

    rpc.tlsclntd: Modify the -C option to use SSL_CTX_set_ciphersuites
    
    Commit 0b4f2ab0e913 fixes the krpc so that it can use TLS
    version 1.3 for NFS-over-TLS, as required by
    the draft (someday to be an RFC).
    This patch replaces SSL_CTX_set_cipher_list() with
    SSL_CTX_set_ciphersuites(), since that is the function
    that is used for TLS1.3.
    
    The man page will be updated in a separate commit.
    
    (cherry picked from commit f5b40aa0dea690314bc70f88634a13cbaa53b6f0)
---
 usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
index f650c42c539d..0c2549578f2d 100644
--- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
+++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
@@ -188,7 +188,7 @@ main(int argc, char **argv)
 			break;
 		default:
 			fprintf(stderr, "usage: %s "
-			    "[-C/--ciphers preferred_ciphers] "
+			    "[-C/--ciphers available_ciphers] "
 			    "[-D/--certdir certdir] [-d/--debuglevel] "
 			    "[-l/--verifylocs CAfile] [-m/--mutualverf] "
 			    "[-p/--verifydir CApath] [-r/--crl CRLfile] "
@@ -486,13 +486,13 @@ rpctls_setupcl_ssl(void)
 
 	if (rpctls_ciphers != NULL) {
 		/*
-		 * Set preferred ciphers, since KERN_TLS only supports a
+		 * Set available ciphers, since KERN_TLS only supports a
 		 * few of them.
 		 */
-		ret = SSL_CTX_set_cipher_list(ctx, rpctls_ciphers);
+		ret = SSL_CTX_set_ciphersuites(ctx, rpctls_ciphers);
 		if (ret == 0) {
 			rpctls_verbose_out("rpctls_setupcl_ssl: "
-			    "SSL_CTX_set_cipher_list failed: %s\n",
+			    "SSL_CTX_set_ciphersuites failed: %s\n",
 			    rpctls_ciphers);
 			SSL_CTX_free(ctx);
 			return (NULL);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206050057.2550viXH037004>