From 5d56d52e0829e503e403568de66bb6cebfec3202 Mon Sep 17 00:00:00 2001

From: Sergey Avseyev <sergey.avseyev@gmail.com>

Date: Wed, 28 Nov 2018 18:53:22 +0300

Subject: [PATCH 1/4] enforce system crypto policies

---

 test/core/handshake/client_ssl.cc        | 3 +--

 test/core/handshake/server_ssl_common.cc | 3 +--

 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/test/core/handshake/client_ssl.cc b/test/core/handshake/client_ssl.cc

index 467df6e229..b31934e51b 100644

--- a/test/core/handshake/client_ssl.cc

+++ b/test/core/handshake/client_ssl.cc

@@ -161,8 +161,7 @@ static void server_thread(void* arg) {

   // Set the cipher list to match the one expressed in

   // src/core/tsi/ssl_transport_security.c.

   const char* cipher_list =

-      "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"

-      "SHA384:ECDHE-RSA-AES256-GCM-SHA384";

+      "PROFILE=SYSTEM";

   if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {

     ERR_print_errors_fp(stderr);

     gpr_log(GPR_ERROR, "Couldn't set server cipher list.");

diff --git a/test/core/handshake/server_ssl_common.cc b/test/core/handshake/server_ssl_common.cc

index 41b2829d8b..8b21ea7c73 100644

--- a/test/core/handshake/server_ssl_common.cc

+++ b/test/core/handshake/server_ssl_common.cc

@@ -167,8 +167,7 @@ bool server_ssl_test(const char* alpn_list[], unsigned int alpn_list_len,

   // Set the cipher list to match the one expressed in

   // src/core/tsi/ssl_transport_security.c.

   const char* cipher_list =

-      "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-"

-      "SHA384:ECDHE-RSA-AES256-GCM-SHA384";

+      "PROFILE=SYSTEM";

   if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {

     ERR_print_errors_fp(stderr);

     gpr_log(GPR_ERROR, "Couldn't set server cipher list.");

-- 

2.21.0