From a3505302c65d34086b44f972fd75fac25f56c0c6 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 13 Jul 2018 15:50:40 -0400
Subject: [PATCH] Fix xCAT client p* commands on SLES

The restricted cipher set does not play well with SLES
defaults.
---
 xCAT-client/bin/pasu   | 2 ++
 xCAT-client/bin/pping  | 1 +
 xCAT-client/bin/ppping | 1 +
 xCAT-client/bin/prsync | 1 +
 xCAT-client/bin/pscp   | 1 +
 xCAT-client/bin/psh    | 1 +
 6 files changed, 7 insertions(+)

diff --git a/xCAT-client/bin/pasu b/xCAT-client/bin/pasu
index f4270bea8..6f1d72bf7 100755
--- a/xCAT-client/bin/pasu
+++ b/xCAT-client/bin/pasu
@@ -277,6 +277,7 @@ sub expandnoderange {
         SSL_use_cert        => 1,
         SSL_verify_mode     => SSL_VERIFY_PEER,
         SSL_verifycn_scheme => "none",
+        SSL_cipher_list => undef,
         %sslargs,
     );
     die "Connection failure: $!\n" unless ($client);
@@ -335,6 +336,7 @@ sub getipmiattrs {
         SSL_use_cert        => 1,
         SSL_verify_mode     => SSL_VERIFY_PEER,
         SSL_verifycn_scheme => "none",
+        SSL_cipher_list => undef,
         %sslargs,
     );
     die "Connection failure: $!\n" unless ($client);
diff --git a/xCAT-client/bin/pping b/xCAT-client/bin/pping
index 4bc3af11b..81c18518f 100755
--- a/xCAT-client/bin/pping
+++ b/xCAT-client/bin/pping
@@ -74,6 +74,7 @@ else { # the normal case of the user running the cmd - expand the noderange usin
         SSL_cert_file   => xCAT::Utils->getHomeDir() . "/.xcat/client-cred.pem",
         SSL_ca_file     => xCAT::Utils->getHomeDir() . "/.xcat/ca.pem",
         SSL_use_cert    => 1,
+        SSL_cipher_list => undef,
         SSL_verify_mode => SSL_VERIFY_PEER,
         SSL_verifycn_scheme => "none",
         %sslargs,
diff --git a/xCAT-client/bin/ppping b/xCAT-client/bin/ppping
index 535a9022f..d8a0cb7e7 100755
--- a/xCAT-client/bin/ppping
+++ b/xCAT-client/bin/ppping
@@ -90,6 +90,7 @@ my $client = IO::Socket::SSL->new(
     SSL_ca_file   => $homedir . "/.xcat/ca.pem",
     SSL_use_cert  => 1,
     %sslargs,
+    SSL_cipher_list => undef,
     SSL_verify_mode     => SSL_VERIFY_PEER,
     SSL_verifycn_scheme => "none",
 );
diff --git a/xCAT-client/bin/prsync b/xCAT-client/bin/prsync
index ab0c1a898..38b3f6446 100755
--- a/xCAT-client/bin/prsync
+++ b/xCAT-client/bin/prsync
@@ -76,6 +76,7 @@ my $client = IO::Socket::SSL->new(
     SSL_cert_file       => $homedir . "/.xcat/client-cred.pem",
     SSL_ca_file         => $homedir . "/.xcat/ca.pem",
     SSL_use_cert        => 1,
+    SSL_cipher_list => undef,
     SSL_verify_mode     => SSL_VERIFY_PEER,
     SSL_verifycn_scheme => "none",
     %sslargs,
diff --git a/xCAT-client/bin/pscp b/xCAT-client/bin/pscp
index 245f9598b..80d764e37 100755
--- a/xCAT-client/bin/pscp
+++ b/xCAT-client/bin/pscp
@@ -74,6 +74,7 @@ my $client = IO::Socket::SSL->new(
     SSL_use_cert        => 1,
     SSL_verify_mode     => SSL_VERIFY_PEER,
     SSL_verifycn_scheme => "none",
+    SSL_cipher_list => undef,
     %sslargs,
 );
 die "Connection failure: $!\n" unless ($client);
diff --git a/xCAT-client/bin/psh b/xCAT-client/bin/psh
index 2290c625e..3ed656513 100755
--- a/xCAT-client/bin/psh
+++ b/xCAT-client/bin/psh
@@ -75,6 +75,7 @@ else {
         SSL_use_cert        => 1,
         SSL_verify_mode     => SSL_VERIFY_PEER,
         SSL_verifycn_scheme => "none",
+        SSL_cipher_list => undef,
         %sslargs,
     );
     die "Connection failure: $!\n" unless ($client);