1 files changed, 41 insertions, 0 deletions

diff --git a/packages/voip/mumble/files/tls12_strong_ciphers.patch b/packages/voip/mumble/files/tls12_strong_ciphers.patch
new file mode 100644
index 0000000..5fab971
--- /dev/null
+++ b/packages/voip/mumble/files/tls12_strong_ciphers.patch
@@ -0,0 +1,41 @@
+diff --git a/src/Connection.cpp b/src/Connection.cpp
+index 5dc7443e..2287f174 100644
+--- a/src/Connection.cpp
++++ b/src/Connection.cpp
+@@ -27,7 +27,9 @@ Connection::Connection(QObject *p, QSslSocket *qtsSock) : QObject(p) {
+ 	qtsSocket->setParent(this);
+ 	iPacketLength = -1;
+ 	bDisconnectedEmitted = false;
+-
++#if QT_VERSION >= 0x050500
++	qtsSocket->setProtocol(QSsl::TlsV1_2OrLater);
++#endif
+ 	static bool bDeclared = false;
+ 	if (! bDeclared) {
+ 		bDeclared = true;
+diff --git a/src/SSL.cpp b/src/SSL.cpp
+index 7f7e8121..16cddd28 100644
+--- a/src/SSL.cpp
++++ b/src/SSL.cpp
+@@ -40,7 +40,7 @@ void MumbleSSL::destroy() {
+ }
+ 
+ QString MumbleSSL::defaultOpenSSLCipherString() {
+-	return QLatin1String("EECDH+AESGCM:EDH+aRSA+AESGCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA");
++	return QLatin1String("DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384");
+ }
+ 
+ QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) {
+diff --git a/src/mumble/ServerHandler.cpp b/src/mumble/ServerHandler.cpp
+index 7e30e76a..60c39121 100644
+--- a/src/mumble/ServerHandler.cpp
++++ b/src/mumble/ServerHandler.cpp
+@@ -335,7 +335,7 @@ void ServerHandler::run() {
+ 
+ 
+ 	#if QT_VERSION >= 0x050500
+-		qtsSock->setProtocol(QSsl::TlsV1_0OrLater);
++		qtsSock->setProtocol(QSsl::TlsV1_2OrLater);
+ 	#elif QT_VERSION >= 0x050400
+ 		// In Qt 5.4, QSsl::SecureProtocols is equivalent
+ 		// to "TLSv1.0 or later", which we require.