From aa6e7a0d639d58172612b55d892535e098648c25 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 25 Oct 2019 17:34:27 +0200 Subject: [PATCH] Revert "tls: make dh to openssl 1.1 compatible" The libanyevent-perl version 7.140-3 included a fix for this. It migrated to the then still testing (buster was not yet released) on 07.04.2019, and so we can safely revert this workaround again here. Albeit this was fixed since Buster was officially released, still bump the version dependency to libanyevent-perl in debian/control. A future libanyevent-perl will use "ffdhe3072" for DH; another good reason to revert this, to not keep hardcoded parameters with possible (future) security implications here. [0]: https://tracker.debian.org/news/1037514/libanyevent-perl-7140-3-migrated-to-testing/ This reverts commit ea574439f76bb3914b8b8c0be8e40ee826c95afc. Signed-off-by: Thomas Lamprecht
---
 PVE/APIServer/AnyEvent.pm | 3 ---
 debian/control | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
index 9aba27d..539a156 100644
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@@ -591,9 +591,6 @@ sub proxy_request {
 sslv2 => 0,
 sslv3 => 0,
 verify => 1,
- # be compatible with openssl 1.1, fix for debian bug #923615
- # remove once libanyeven-perl with this fix transitions to buster
- dh => 'schmorp2048',
 verify_cb => sub {
 my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
 # we don't care about intermediate or root certificates
diff --git a/debian/control b/debian/control
index a784039..b1409e4 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,7 @@ Homepage: https://www.proxmox.com
 Package: libpve-http-server-perl
 Architecture: all
 Depends: libanyevent-http-perl,
- libanyevent-perl,
+ libanyevent-perl (>= 7.140-3),
 libcrypt-ssleay-perl,
 libhtml-parser-perl,
 libhttp-date-perl,