Diffstat (limited to 'net-vpn/openconnect/files/8.20-insecure-crypto.patch')
-rw-r--r--net-vpn/openconnect/files/8.20-insecure-crypto.patch46
1 files changed, 0 insertions, 46 deletions
diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch
deleted file mode 100644
index 7644e1a264ba..000000000000
--- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 10 Apr 2022 12:21:57 -0400
-Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is
- enabled
-
-Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However,
-according to ciphers(1), the DEFAULT keyword cannot be combined with
-other strings using the + characters. In other words, ":+3DES:+RC4" gets
-ignored.
-
-The user is opting into insecure behavior, so let's keep it simple and
-just allow everything.
-
-This change fixes the obsolete-server-crypto test when openconnect is
-built against openssl-1.1.x.
-
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- openssl.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/openssl.c b/openssl.c
-index 3205dbd7..2bf594e7 100644
---- a/openssl.c
-+++ b/openssl.c
-@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
- struct oc_text_buf *buf = buf_alloc();
- if (vpninfo->pfs)
- buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA");
-+ else if (vpninfo->allow_insecure_crypto)
-+ buf_append(buf, "ALL");
- else
-- buf_append(buf, "DEFAULT");
--
-- if (vpninfo->allow_insecure_crypto)
-- buf_append(buf, ":+3DES:+RC4");
-- else
-- buf_append(buf, ":-3DES:-RC4");
-+ buf_append(buf, "DEFAULT:-3DES:-RC4");
-
- if (buf_error(buf)) {
- vpn_progress(vpninfo, PRG_ERR,
---
-2.35.1
-