Remove LOW from the default (29cce508) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+3 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,9 @@

		Changes between 1.0.2g and 1.0.2h [xx XXX xxxx]

		*)
		*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
		default.
		[Kurt Roeckx]

		Changes between 1.0.2f and 1.0.2g [1 Mar 2016]

doc/apps/ciphers.pod

+1 −1

Original line number	Diff line number	Diff line
		@@ -107,7 +107,7 @@ The following is a list of all permitted cipher strings and their meanings.

		The default cipher list.
		This is determined at compile time and is normally
		B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
		B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
		When used, this must be the first cipherstring specified.

		=item B<COMPLEMENTOFDEFAULT>

ssl/s2_lib.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -150,7 +150,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		0,
		128,
		128,
		@@ -167,7 +167,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV2,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		128,
		@@ -184,7 +184,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		0,
		128,
		128,
		@@ -201,7 +201,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV2,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		128,
		@@ -219,7 +219,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_IDEA,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		0,
		128,
		128,
		@@ -237,7 +237,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_DES,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		0,
		56,
		56,
		@@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_3DES,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH,
		0,
		112,
		168,
		@@ -271,7 +271,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL2_CF_8_BYTE_ENC,
		64,
		64,

ssl/s3_lib.c

+44 −44

Original line number	Diff line number	Diff line
		@@ -208,7 +208,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -258,7 +258,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -294,7 +294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -312,7 +312,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -347,7 +347,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -365,7 +365,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -399,7 +399,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -417,7 +417,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -452,7 +452,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -470,7 +470,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -556,7 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -573,7 +573,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -608,7 +608,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -625,7 +625,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_3DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -695,7 +695,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -761,7 +761,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_MD5,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -827,7 +827,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -845,7 +845,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -863,7 +863,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -881,7 +881,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -899,7 +899,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -917,7 +917,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -1011,7 +1011,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1106,7 +1106,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1302,7 +1302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1322,7 +1322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1338,7 +1338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1356,7 +1356,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -1374,7 +1374,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -1392,7 +1392,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1410,7 +1410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1525,7 +1525,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1541,7 +1541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1694,7 +1694,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1860,7 +1860,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_SEED,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2040,7 +2040,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128GCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2056,7 +2056,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256GCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256,
		@@ -2424,7 +2424,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2440,7 +2440,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_3DES,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -2456,7 +2456,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2472,7 +2472,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,

ssl/ssl.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -338,7 +338,7 @@ extern "C" {
		* The following cipher list is used by default. It also is substituted when
		* an application-defined cipher list string starts with 'DEFAULT'.
		*/
		# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
		# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
		/*
		* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
		* starts with a reasonable order, and all we have to do for DEFAULT is