From 6bf887340626e35e0497deaf246a9f034d8fe8ee Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Mon, 23 May 2016 17:21:11 -0400

Subject: [PATCH] Add back export and low-security ciphers

These are disabled in OpenSSL 1.02g but are still enabled in

the version in RHEL 7.

---

 test/test_cipher.py | 5 ++---

 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/test/test_cipher.py b/test/test_cipher.py

index 1cce9e4..8b12f26 100644

--- a/test/test_cipher.py

+++ b/test/test_cipher.py

@@ -40,7 +40,7 @@ if ENABLE_SERVER_DHE == 0:

     OPENSSL_CIPHERS_IGNORE += ':-DH'

 def assert_equal_openssl(ciphers):

-    nss_ciphers = ciphers + ":-EXP:-LOW"

+    nss_ciphers = ciphers

     ossl_ciphers = ciphers + OPENSSL_CIPHERS_IGNORE

     (nss, err, rc) = run([exe, "--o", nss_ciphers])

     assert rc == 0

@@ -270,8 +270,7 @@ class test_ciphers(object):

         assert_no_NULL("DEFAULT:aRSA")

     def test_SYSTEM_DEFAULT(self):

-         # I've added in !DHE here which differs from F-23 default

-         assert_equal_openssl("!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!DHE")

+         assert_equal_openssl("!SSLv2:kEECDH:kRSA:kEDH:kPSK:DH:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES")

     def test_cipher_reorder(self):

         # re-ordering now allowed but shouldn't blow up either

-- 

2.5.5