From: Daniel Lenski <dlenski@gmail.com>
Date: Sat, 23 Jan 2021 01:07:07 +0000 (+0000)
Subject: Merge branch 'openssl-sec-level' into 'master'
X-Git-Tag: v8.20~370
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=f07d798f7c8169bf34b485942205f3a0d64dc074;p=users%2Fdwmw2%2Fopenconnect.git

Merge branch 'openssl-sec-level' into 'master'

With --allow-insecure-crypto, set OpenSSL 1.1.0+ "security level" to 0, and attempt to disable system minimum crypto requirements

See merge request openconnect/openconnect!158
---

f07d798f7c8169bf34b485942205f3a0d64dc074
diff --cc www/changelog.xml
index 4e4a9bba,debedf14..b7f79e78
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@@ -18,11 -18,11 +18,12 @@@
         <li>Make <tt>tncc-emulate.py</tt> work with Python 3.7+. (<a href="https://gitlab.com/openconnect/openconnect/-/issues/152">!152</a>, <a href="https://gitlab.com/openconnect/openconnect/merge_requests/120">!120</a>)</li>
         <li>Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 (<a href="https://gitlab.com/openconnect/openconnect/merge_requests/131">!131</a>)</li>
         <li>Support Juniper login forms containing both password and 2FA token (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/121">!121</a>)</li>
-        <li><i>Explicitly disable 3DES and RC4, unless enabled with <tt>--allow-insecure-crypto</tt> (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/114">!114</a>)</i></li>
-        <li><i>Add obsolete-server-crypto test (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/114">!114</a>)</i></li>
+        <li>Explicitly disable 3DES and RC4, unless enabled with <tt>--allow-insecure-crypto</tt> (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/114">!114</a>)</li>
+        <li>With <tt>--allow-insecure-crypto</tt>, additionally try to disable system-wide and library minimum crypto policies (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/158">!158</a>, <a href="https://gitlab.com/openconnect/openconnect/-/issues/132">#132</a>)</li>
+        <li>Add obsolete-server-crypto test (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/114">!114</a>)</li>
         <li>Allow protocols to delay tunnel setup and shutdown (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/117">!117</a>)</li>
         <li>Incomplete, speculative support for GlobalProtect IPv6 (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/155">!155</a>; previous work in <a href="https://gitlab.com/openconnect/openconnect/commit/d6db0ec03394234d41fbec7ffc794ceeb486a8f0">d6db0ec</a>)</li>
 +       <li>SIGUSR1 causes OpenConnect to log detailed connection information and statistics (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/154">!154</a>)</li>
       </ul><br/>
    </li>
    <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz">OpenConnect v8.10</a></b>