OpenSSL: Add build option to select default ciphers

Add a build option to select different default ciphers for OpenSSL instead of the hardcoded default "DEFAULT:!EXP:!LOW". This new option is useful on distributions where the security level should be consistent for all applications, as in Fedora [1]. In such cases the new configuration option would be set to "" or "PROFILE=SYSTEM" to select the global crypto policy by default. [1] https://fedoraproject.org/wiki/Changes/CryptoPolicy Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
author: Beniamino Galvani <bgalvani@redhat.com> 2017-07-09 09:06:50 (GMT)
committer: Jouni Malinen <j@w1.fi> 2017-07-17 08:55:22 (GMT)
commit: 2b9891bd6e125d3e28f26afde32e153db658b7cc (patch)
tree: 11b63f7e7d7b3ec19828a56c753e94c538231728 /hostapd/Makefile
parent: 65833d71a5f3b8240db397efa7200e894a3eab1f (diff)
download: hostap-2b9891bd6e125d3e28f26afde32e153db658b7cc.zip
hostap-2b9891bd6e125d3e28f26afde32e153db658b7cc.tar.gz
hostap-2b9891bd6e125d3e28f26afde32e153db658b7cc.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 91e1fda..fb926fb 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -668,6 +668,10 @@ ifdef CONFIG_TLS_ADD_DL
 LIBS += -ldl
 LIBS_h += -ldl
 endif
+ifndef CONFIG_TLS_DEFAULT_CIPHERS
+CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW"
+endif
+CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
 endif
 
 ifeq ($(CONFIG_TLS), gnutls)
author	Beniamino Galvani <bgalvani@redhat.com>	2017-07-09 09:06:50 (GMT)
committer	Jouni Malinen <j@w1.fi>	2017-07-17 08:55:22 (GMT)
commit	2b9891bd6e125d3e28f26afde32e153db658b7cc (patch)
tree	11b63f7e7d7b3ec19828a56c753e94c538231728 /hostapd/Makefile
parent	65833d71a5f3b8240db397efa7200e894a3eab1f (diff)
download	hostap-2b9891bd6e125d3e28f26afde32e153db658b7cc.zip hostap-2b9891bd6e125d3e28f26afde32e153db658b7cc.tar.gz hostap-2b9891bd6e125d3e28f26afde32e153db658b7cc.tar.bz2