recent changes from 0.9.8: fix cipher list order in s3_lib.c, (00fe865d) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s23_meth.c

+10 −2

Original line number	Diff line number	Diff line
		@@ -63,13 +63,21 @@
		static const SSL_METHOD *ssl23_get_method(int ver);
		static const SSL_METHOD *ssl23_get_method(int ver)
		{
		#ifndef OPENSSL_NO_SSL2
		if (ver == SSL2_VERSION)
		return(SSLv2_method());
		else if (ver == SSL3_VERSION)
		else
		#endif
		#ifndef OPENSSL_NO_SSL3
		if (ver == SSL3_VERSION)
		return(SSLv3_method());
		else if (ver == TLS1_VERSION)
		else
		#endif
		#ifndef OPENSSL_NO_TLS1
		if (ver == TLS1_VERSION)
		return(TLSv1_method());
		else
		#endif
		return(NULL);
		}

ssl/s3_lib.c

+96 −97

Original line number	Diff line number	Diff line
		@@ -901,6 +901,102 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		SSL_ALL_STRENGTHS,
		},

		#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
		/* New TLS Export CipherSuites from expired ID */
		#if 0
		/* Cipher 60 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 61 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		#endif
		/* Cipher 62 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 63 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 64 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 65 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 66 */
		{
		1,
		TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
		TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_NOT_EXP\|SSL_MEDIUM,
		0,
		128,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS
		},
		#endif
		#ifndef OPENSSL_NO_ECDH
		/* Cipher C001 */
		{
		@@ -1253,103 +1349,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
		},
		#endif /* OPENSSL_NO_ECDH */

		#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
		/* New TLS Export CipherSuites from expired ID */
		#if 0
		/* Cipher 60 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 61 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
		SSL_kRSA\|SSL_aRSA\|SSL_RC2\|SSL_MD5\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		#endif
		/* Cipher 62 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 63 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_DES\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		56,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 64 */
		{
		1,
		TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kRSA\|SSL_aRSA\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 65 */
		{
		1,
		TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_EXPORT\|SSL_EXP56,
		0,
		56,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS,
		},
		/* Cipher 66 */
		{
		1,
		TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
		TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
		SSL_kEDH\|SSL_aDSS\|SSL_RC4\|SSL_SHA\|SSL_TLSV1,
		SSL_NOT_EXP\|SSL_MEDIUM,
		0,
		128,
		128,
		SSL_ALL_CIPHERS,
		SSL_ALL_STRENGTHS
		},
		#endif

		/* end of list */
		};

ssl/ssltest.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -2241,6 +2241,7 @@ static int do_test_cipherlist(void)
		const SSL_METHOD *meth;
		SSL_CIPHER ci, tci = NULL;

		#ifndef OPENSSL_NO_SSL2
		fprintf(stderr, "testing SSLv2 cipher list order: ");
		meth = SSLv2_method();
		while ((ci = meth->get_cipher(i++)) != NULL)
		@@ -2254,7 +2255,8 @@ static int do_test_cipherlist(void)
		tci = ci;
		}
		fprintf(stderr, "ok\n");

		#endif
		#ifndef OPENSSL_NO_SSL3
		fprintf(stderr, "testing SSLv3 cipher list order: ");
		meth = SSLv3_method();
		tci = NULL;
		@@ -2269,7 +2271,8 @@ static int do_test_cipherlist(void)
		tci = ci;
		}
		fprintf(stderr, "ok\n");

		#endif
		#ifndef OPENSSL_NO_TLS1
		fprintf(stderr, "testing TLSv1 cipher list order: ");
		meth = TLSv1_method();
		tci = NULL;
		@@ -2284,6 +2287,7 @@ static int do_test_cipherlist(void)
		tci = ci;
		}
		fprintf(stderr, "ok\n");
		#endif

		return 1;
		}