From 054bf7f2386189473e04dea836ecfc674e876c85 Mon Sep 17 00:00:00 2001
From: Jonathan Bauer
Date: Fri, 7 Feb 2020 18:07:47 +0100
Subject: [SPUS] debian10: remove CipherString in openssl.cnf

---
 satellit_upgrader/updater.template.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh
index fa5e883..5c734c2 100644
--- a/satellit_upgrader/updater.template.sh
+++ b/satellit_upgrader/updater.template.sh
@@ -824,6 +824,12 @@ if ! [ -d /var/log/journal ]; then
 	systemctl restart systemd-journald
 fi
 
+# Debian 10's default SSL configuration changed to only use DEFAULT@SECLEVEL=2
+# as ciphers. We need to patch that, since this can cause problems with ldadp.
+if [ "${MAJOR}" -eq 10 ]; then
+	sed -r -i 's/^[#\s]*(CipherString =.*)/#\1/' /etc/ssl/openssl.cnf
+fi
+
 # ************************** LIGHTY ************************
 # XXX
 if [ -n "${restart["lighttpd.service"]}" ]; then
-- 
cgit v1.2.3-55-g7522