tls: make dh to openssl 1.1 compatible

Effective the same approach used in libanyevent-perl 7.140-3[0] Stretch is also compatible with this, and we can remove it for buster/PVE 6 once the libanyevent-perl package transitioned to from unstable to buster, until then do it ourself to have a functioning api/proxy... [0]: 7f3d5721bb Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-05-01 20:58:54 +00:00 · 2019-03-22 10:32:46 +01:00 · 2019-03-22 10:32:46 +01:00 · ea574439f7
commit ea574439f7
parent 487cedb5a7
1 changed files with 3 additions and 0 deletions
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@ -574,6 +574,9 @@ sub proxy_request {
 	    sslv2 => 0,
 	    sslv3 => 0,
 	    verify => 1,
+	    # be compatible with openssl 1.1, fix for debian bug #923615
+	    # remove once libanyeven-perl with this fix transitions to buster
+	    dh => 'schmorp2048',
 	    verify_cb => sub {
 		my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
 		# we don't care about intermediate or root certificates