[pve-devel] r5413 - pve-qemu-kvm/pve2/debian/patches

[svn-commits at proxmox.com]

Author: dietmar
Date: 2011-01-21 12:52:31 +0100 (Fri, 21 Jan 2011)
New Revision: 5413

Modified:
   pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
Log:
try to use fast ciphers first


Modified: pve-qemu-kvm/pve2/debian/patches/pve-auth.patch
===================================================================
--- pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-21 11:40:51 UTC (rev 5412)
+++ pve-qemu-kvm/pve2/debian/patches/pve-auth.patch	2011-01-21 11:52:31 UTC (rev 5413)
@@ -264,8 +264,37 @@
 Index: new/ui/vnc-tls.c
 ===================================================================
 --- new.orig/ui/vnc-tls.c	2011-01-21 11:24:14.000000000 +0100
-+++ new/ui/vnc-tls.c	2011-01-21 11:36:52.000000000 +0100
-@@ -419,6 +419,24 @@
++++ new/ui/vnc-tls.c	2011-01-21 12:52:52.000000000 +0100
+@@ -291,6 +291,14 @@
+     static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
+     static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
+ 
++    /* optimize for speed */
++    static const int ciphers[] = {
++	    GNUTLS_CIPHER_ARCFOUR_128,
++	    GNUTLS_CIPHER_AES_128_CBC,
++	    GNUTLS_CIPHER_3DES_CBC,
++	    0
++    };
++
+     VNC_DEBUG("Do TLS setup\n");
+     if (vnc_tls_initialize() < 0) {
+         VNC_DEBUG("Failed to init TLS\n");
+@@ -310,6 +318,13 @@
+             return -1;
+         }
+ 
++	if ((gnutls_cipher_set_priority(vs->tls.session, ciphers)) < 0) {
++	    gnutls_deinit(vs->tls.session);
++            vs->tls.session = NULL;
++            vnc_client_error(vs);
++            return -1;
++	}#
++
+         if (gnutls_kx_set_priority(vs->tls.session, needX509Creds ? kx_x509 : kx_anon) < 0) {
+             gnutls_deinit(vs->tls.session);
+             vs->tls.session = NULL;
+@@ -419,6 +434,24 @@
      return 0;
  }