openssl: allow ALL ciphers when allow-insecure-crypto is enabled (!355) · Merge requests · OpenConnect VPN projects / OpenConnect

Mike Gilbert requested to merge floppym/openconnect:insecure-openssl into master Apr 10, 2022

openssl: allow ALL ciphers when allow-insecure-crypto is enabled

Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However, according to ciphers(1), the DEFAULT keyword cannot be combined with other strings using the + characters. In other words, ":+3DES:+RC4" gets ignored.

The user is opting into insecure behavior, so let's keep it simple and just allow everything.

This change fixes the obsolete-server-crypto test when openconnect is built against openssl-1.1.x.

openssl: allow ALL ciphers when allow-insecure-crypto is enabled

Merge request reports