From 51bb577ee4dbe2d6ce29be70d2492b4913088b3f Mon Sep 17 00:00:00 2001
From: Tim Kitslaar <tjkitslaar@gmail.com>
Date: Wed, 19 Jun 2024 02:06:41 +0000
Subject: [PATCH] Update 2 files

- /trojans/csd-post.sh
- /trojans/legacy_openssl.cnf
---
 trojans/csd-post.sh        |  4 ++++
 trojans/legacy_openssl.cnf | 10 ++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 trojans/legacy_openssl.cnf

diff --git a/trojans/csd-post.sh b/trojans/csd-post.sh
index 86837d2b..c9ba10bc 100755
--- a/trojans/csd-post.sh
+++ b/trojans/csd-post.sh
@@ -12,6 +12,10 @@
 # server's security policy with lies. This script exists as an example
 # to work from.
 
+# The below config file allows for compatibility with newer versions of OpenSSL, change path to wherever your legacy_openssl.cnf file is located
+
+export OPENSSL_CONF=/usr/etc/legacy_openssl.cnf
+
 if ! xmlstarlet --version > /dev/null 2>&1; then
     echo "************************************************************************" >&2
     echo "WARNING: xmlstarlet not found in path; CSD token extraction may not work" >&2
diff --git a/trojans/legacy_openssl.cnf b/trojans/legacy_openssl.cnf
new file mode 100644
index 00000000..e9a4029a
--- /dev/null
+++ b/trojans/legacy_openssl.cnf
@@ -0,0 +1,10 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
-- 
GitLab