Commit ee1ed1d3 authored by David Benjamin's avatar David Benjamin Committed by Rich Salz
Browse files

Fix the names of older ciphers. 

The names of these ciphers have an "SSL_" prefix, but the RFC names use
"TLS_":
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4



This dates back to these ciphers being originally defined in SSLv3. As
SSLv3 is on its way out anyway and this is a new set of APIs,
consistently use the TLS names.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4007)
parent f978f2b8

doc/man3/SSL_CIPHER_get_name.pod

+4 −2
Original line number Diff line number Diff line
@@ -40,11 +40,13 @@ B<cipher> is NULL, it returns "(NONE)". 


SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of

B<cipher>. If the B<cipher> is NULL, it returns "(NONE)". If the B<cipher>

has no standard name, it returns B<NULL>.

has no standard name, it returns B<NULL>. If B<cipher> was defined in both

SSLv3 and TLS, it returns the TLS name.



OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B<stdname>.

If the B<stdname> is NULL, or B<stdname> has no corresponding OpenSSL name,

it returns "(NONE)".

it returns "(NONE)". Where both exist, B<stdname> should be the TLS name rather

than the SSLv3 name.



SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>.

If B<cipher> is NULL, 0 is returned.

include/openssl/ssl3.h

+10 −10
Original line number Diff line number Diff line
@@ -70,16 +70,16 @@ extern "C" { 
# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B



/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */

# define SSL3_RFC_RSA_NULL_MD5                   "SSL_RSA_WITH_NULL_MD5"

# define SSL3_RFC_RSA_NULL_SHA                   "SSL_RSA_WITH_NULL_SHA"

# define SSL3_RFC_RSA_DES_192_CBC3_SHA           "SSL_RSA_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA       "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA       "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_ADH_DES_192_CBC_SHA            "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_RSA_IDEA_128_SHA               "SSL_RSA_WITH_IDEA_CBC_SHA"

# define SSL3_RFC_RSA_RC4_128_MD5                "SSL_RSA_WITH_RC4_128_MD5"

# define SSL3_RFC_RSA_RC4_128_SHA                "SSL_RSA_WITH_RC4_128_SHA"

# define SSL3_RFC_ADH_RC4_128_MD5                "SSL_DH_anon_WITH_RC4_128_MD5"

# define SSL3_RFC_RSA_NULL_MD5                   "TLS_RSA_WITH_NULL_MD5"

# define SSL3_RFC_RSA_NULL_SHA                   "TLS_RSA_WITH_NULL_SHA"

# define SSL3_RFC_RSA_DES_192_CBC3_SHA           "TLS_RSA_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA       "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA       "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_ADH_DES_192_CBC_SHA            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"

# define SSL3_RFC_RSA_IDEA_128_SHA               "TLS_RSA_WITH_IDEA_CBC_SHA"

# define SSL3_RFC_RSA_RC4_128_MD5                "TLS_RSA_WITH_RC4_128_MD5"

# define SSL3_RFC_RSA_RC4_128_SHA                "TLS_RSA_WITH_RC4_128_SHA"

# define SSL3_RFC_ADH_RC4_128_MD5                "TLS_DH_anon_WITH_RC4_128_MD5"



# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"

# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"

ssl/t1_trce.c

+28 −28
Original line number Diff line number Diff line
@@ -107,34 +107,34 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { 


/* Cipher suites */

static ssl_trace_tbl ssl_ciphers_tbl[] = {

    {0x0000, "SSL_NULL_WITH_NULL_NULL"},

    {0x0001, "SSL_RSA_WITH_NULL_MD5"},

    {0x0002, "SSL_RSA_WITH_NULL_SHA"},

    {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},

    {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},

    {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},

    {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},

    {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},

    {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},

    {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},

    {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},

    {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},

    {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},

    {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},

    {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},

    {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},

    {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},

    {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},

    {0x0000, "TLS_NULL_WITH_NULL_NULL"},

    {0x0001, "TLS_RSA_WITH_NULL_MD5"},

    {0x0002, "TLS_RSA_WITH_NULL_SHA"},

    {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},

    {0x0004, "TLS_RSA_WITH_RC4_128_MD5"},

    {0x0005, "TLS_RSA_WITH_RC4_128_SHA"},

    {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},

    {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"},

    {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"},

    {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"},

    {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"},

    {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},

    {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},

    {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},

    {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"},

    {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},

    {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},

    {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},

    {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},

    {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},

    {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},

test/ciphername_test.c

+28 −28
Original line number Diff line number Diff line
@@ -29,34 +29,34 @@ typedef struct cipher_id_name { 


/* Cipher suites, copied from t1_trce.c */

static CIPHER_ID_NAME cipher_names[] = {

    {0x0000, "SSL_NULL_WITH_NULL_NULL"},

    {0x0001, "SSL_RSA_WITH_NULL_MD5"},

    {0x0002, "SSL_RSA_WITH_NULL_SHA"},

    {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"},

    {0x0004, "SSL_RSA_WITH_RC4_128_MD5"},

    {0x0005, "SSL_RSA_WITH_RC4_128_SHA"},

    {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},

    {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"},

    {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"},

    {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"},

    {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"},

    {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"},

    {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"},

    {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"},

    {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"},

    {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},

    {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"},

    {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"},

    {0x0000, "TLS_NULL_WITH_NULL_NULL"},

    {0x0001, "TLS_RSA_WITH_NULL_MD5"},

    {0x0002, "TLS_RSA_WITH_NULL_SHA"},

    {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},

    {0x0004, "TLS_RSA_WITH_RC4_128_MD5"},

    {0x0005, "TLS_RSA_WITH_RC4_128_SHA"},

    {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},

    {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"},

    {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"},

    {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"},

    {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"},

    {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},

    {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},

    {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},

    {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},

    {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},

    {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},

    {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"},

    {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},

    {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},

    {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},

    {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},

    {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},

    {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},