Revert "tls: make dh to openssl 1.1 compatible"

The libanyevent-perl version 7.140-3 included a fix for this. It migrated to the then still testing (buster was not yet released) on 07.04.2019, and so we can safely revert this workaround again here. Albeit this was fixed since Buster was officially released, still bump the version dependency to libanyevent-perl in debian/control. A future libanyevent-perl will use "ffdhe3072" for DH; another good reason to revert this, to not keep hardcoded parameters with possible (future) security implications here. [0]: https://tracker.debian.org/news/1037514/libanyevent-perl-7140-3-migrated-to-testing/ This reverts commit ea574439f7. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-05-01 09:24:27 +00:00 · 2019-10-25 17:34:27 +02:00 · 2019-10-25 17:34:27 +02:00 · aa6e7a0d63
commit aa6e7a0d63
parent f5fe153b48
2 changed files with 1 additions and 4 deletions
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@ -591,9 +591,6 @@ sub proxy_request {
 	    sslv2 => 0,
 	    sslv3 => 0,
 	    verify => 1,
-	    # be compatible with openssl 1.1, fix for debian bug #923615
-	    # remove once libanyeven-perl with this fix transitions to buster
-	    dh => 'schmorp2048',
 	    verify_cb => sub {
 		my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
 		# we don't care about intermediate or root certificates
--- a/debian/control
+++ b/debian/control
@ -11,7 +11,7 @@ Homepage: https://www.proxmox.com
 Package: libpve-http-server-perl
 Architecture: all
 Depends: libanyevent-http-perl,
-         libanyevent-perl,
+         libanyevent-perl (>= 7.140-3),
         libcrypt-ssleay-perl,
         libhtml-parser-perl,
         libhttp-date-perl,