- delivered this patches to Peter, so no worries anymore

openssl-bins/openssl-1.0.2-chacha.pm/experimental-features.patch

@@ -1,31 +0,0 @@
---- ./ssl/tls1.h.orig	2014-07-03 19:08:22.277405719 +0200
-+++ ./ssl/tls1.h	2014-07-03 19:08:36.799536119 +0200
-@@ -157,7 +157,7 @@
- extern "C" {
- #endif
- 
--#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
-+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	1
- 
- #define TLS1_2_VERSION			0x0303
- #define TLS1_2_VERSION_MAJOR		0x03
---- ./ssl/s2_lib.c.orig	2014-07-03 10:04:32.035552187 +0200
-+++ ./ssl/s2_lib.c	2014-07-03 19:08:22.280405746 +0200
-@@ -122,7 +122,7 @@
- 
- /* list of available SSLv2 ciphers (sorted by id) */
- OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
--#if 0
-+#if 1
- /* NULL_WITH_MD5 v3 */
- 	{
- 	1,
-@@ -254,7 +254,7 @@
- 	168,
- 	},
- 
--#if 0
-+#if 1
- /* RC4_64_WITH_MD5 */
- 	{
- 	1,

openssl-bins/openssl-1.0.2-chacha.pm/openssl-telnet-starttls.patch

@@ -1,78 +0,0 @@
---- apps/s_client.c.org	2009-12-16 15:28:28.000000000 -0500
-+++ apps/s_client.c	2010-11-16 12:07:02.274824820 -0500
-@@ -329,8 +329,8 @@ static void sc_usage(void)
- 	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
- 	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
- 	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
--	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
--	BIO_printf(bio_err,"                 are supported.\n");
-+	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\", and\n");
-+	BIO_printf(bio_err,"                 \"telnet\" are supported.\n");
- #ifndef OPENSSL_NO_ENGINE
- 	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
- #endif
-@@ -375,7 +375,8 @@ enum
- 	PROTO_POP3,
- 	PROTO_IMAP,
- 	PROTO_FTP,
--	PROTO_XMPP
-+	PROTO_XMPP,
-+	PROTO_TELNET
- };
- 
- int MAIN(int, char **);
-@@ -688,6 +689,8 @@ int MAIN(int argc, char **argv)
- 				starttls_proto = PROTO_FTP;
- 			else if (strcmp(*argv, "xmpp") == 0)
- 				starttls_proto = PROTO_XMPP;
-+			else if (strcmp(*argv, "telnet") == 0)
-+				starttls_proto = PROTO_TELNET;
- 			else
- 				goto bad;
- 			}
-@@ -1200,6 +1203,45 @@ SSL_set_tlsext_status_ids(con, ids);
- 			goto shut;
- 		mbuf[0] = 0;
- 		}
-+	else if (starttls_proto == PROTO_TELNET)
-+		{
-+		static const unsigned char tls_do[] =
-+			{
-+			255 /* IAC */,
-+			253 /* DO */,
-+			 46 /* START_TLS */
-+			};
-+		static const unsigned char tls_will[] =
-+			{
-+			255 /* IAC */,
-+			251 /* WILL */,
-+			 46 /* START_TLS */
-+			};
-+		static const unsigned char tls_follows[] =
-+			{
-+			255 /* IAC */,
-+			250 /* SB */,
-+			 46 /* START_TLS */,
-+			  1 /* FOLLOWS */,
-+			255 /* IAC */,
-+			240 /* SE */
-+			};
-+		int bytes;
-+
-+		/* Telnet server should demand we issue START_TLS */
-+		bytes = BIO_read(sbio,mbuf,BUFSIZZ);
-+		if (!(bytes == 3 && memcmp(mbuf, tls_do, 3) == 0))
-+			goto shut;
-+		/* Agree to issue START_TLS and send the FOLLOWS sub-command */
-+		BIO_write(sbio, tls_will, 3);
-+		BIO_write(sbio, tls_follows, 6);
-+		(void)BIO_flush(sbio);
-+		/* Telnet server also sent the FOLLOWS sub-command */
-+		bytes = BIO_read(sbio,mbuf,BUFSIZZ);
-+		if (!(bytes == 6 && memcmp(mbuf, tls_follows, 6) == 0))
-+			goto shut;
-+		/* Any traffic after this point must be TLS negotiation */
-+		}
- 
- 	for (;;)
- 		{

openssl-bins/openssl-1.0.2-chacha.pm/openssl-xmpp-starttls-fix.patch

@@ -1,11 +0,0 @@
---- apps/s_client.c.org	2014-05-23 16:01:41.000000000 +0200
-+++ apps/s_client.c	2014-05-23 16:02:25.414679645 +0200
-@@ -1478,7 +1478,7 @@
- 		int seen = 0;
- 		BIO_printf(sbio,"<stream:stream "
- 		    "xmlns:stream='http://etherx.jabber.org/streams' "
--		    "xmlns='jabber:client' to='%s' version='1.0'>", host);
-+		    "xmlns='jabber:client' to='%s' version='1.0'>", servername?servername:host);
- 		seen = BIO_read(sbio,mbuf,BUFSIZZ);
- 		mbuf[seen] = 0;
- 		while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))