Commit 42569575 authored by Kurt Roeckx

Add no-ssl2-method



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2341
parent e76f4853
+4 −0
@@ -8,6 +8,10 @@
     default.
     [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]

 Changes between 1.0.2f and 1.0.2g [1 Mar 2016]

  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+12 −2
@@ -57,6 +57,7 @@
 */

#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2_METHOD
# ifndef OPENSSL_NO_SSL2
# include <stdio.h>
# include <openssl/objects.h>
@@ -72,6 +73,7 @@ static const SSL_METHOD *ssl2_get_method(int ver)

IMPLEMENT_ssl2_meth_func(SSLv2_method,
                         ssl2_accept, ssl2_connect, ssl2_get_method)

# else /* !OPENSSL_NO_SSL2 */

const SSL_METHOD *SSLv2_method(void) { return NULL; }
@@ -79,3 +81,11 @@ const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
const SSL_METHOD *SSLv2_server_method(void) { return NULL; }

# endif

#else /* !OPENSSL_NO_SSL2_METHOD */

# if PEDANTIC
static void *dummy = &dummy;
# endif

#endif
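Review bot: The comment on the new outer `#else /* !OPENSSL_NO_SSL2_METHOD */` reads as the opposite of the condition, because that branch is compiled when OPENSSL_NO_SSL2_METHOD is defined, and the bare `#endif` that closes it names nothing. With two nested guards in this file, I would write `#else /* OPENSSL_NO_SSL2_METHOD */` and `#endif /* OPENSSL_NO_SSL2_METHOD */` so that someone auditing which builds still export the SSLv2 entry points can pair the branches at a glance. The existing inner `# else /* !OPENSSL_NO_SSL2 */` is written the same way and may be a file convention; the lines between the hunks are not visible here, so treat this as a readability point rather than a defect.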
+2 −0
@@ -2345,9 +2345,11 @@ const char *SSL_get_version(const SSL *s);
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);

# ifndef OPENSSL_NO_SSL2_METHOD
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
# endif

# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
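Review bot: The three declarations inside the new `# ifndef OPENSSL_NO_SSL2_METHOD` guard still carry only `/* SSLv2 */`, while the changelog entry in this commit says they return NULL when the methods are enabled and ssl2 is disabled. That is a contract callers need to see at the declaration, since the returned pointer has to be checked before it is passed to SSL_CTX_new() or SSL_CTX_set_ssl_version(). I would add a comment above the guard such as `/* Return NULL if built with no-ssl2; not declared if built with no-ssl2-method */`.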
+1 −0
@@ -1198,6 +1198,7 @@ sub read_options
		"nw-mwasm" => \$nw_mwasm,
		"gaswin" => \$gaswin,
		"no-ssl2" => \$no_ssl2,
		"no-ssl2-method" => 0,
		"no-ssl3" => \$no_ssl3,
		"no-ssl3-method" => 0,
		"no-tlsext" => \$no_tlsext,
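Review bot: `"no-ssl2-method" => 0` maps the option to a literal 0 where `no-ssl2` maps to `\$no_ssl2`, so as far as this hunk shows the option is accepted by read_options without setting any flag in this script. If that is intended because the define reaches the build another way, a trailing comment would keep the next reader from assuming the hardening switch is silently dropped on this build path, e.g. `# accepted here; sets no variable in this script`. The existing `no-ssl3-method` entry has the same shape; read_options starts and ends outside the hunk, so how a 0 value is handled is not visible.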
+5 −1
@@ -107,6 +107,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
			 "CAPIENG",
			 # SSL v2
			 "SSL2",
			 # SSL v2 method
			 "SSL2_METHOD",
			 # SSL v3 method
			 "SSL3_METHOD",
			 # JPAKE
@@ -145,7 +147,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;

my $fips;

@@ -240,6 +242,7 @@ foreach (@ARGV, split(/ /, $options))
	elsif (/^no-ec_nistp_64_gcc_128$/)	{ $no_nistp_gcc=1; }
	elsif (/^no-nextprotoneg$/)	{ $no_nextprotoneg=1; }
	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
	elsif (/^no-ssl2-method$/) { $no_ssl2_method=1; }
	elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
	elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
	elsif (/^no-capieng$/)	{ $no_capieng=1; }
@@ -1215,6 +1218,7 @@ sub is_valid
			if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
					{ return 0; }
			if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
			if ($keyword eq "SSL2_METHOD" && $no_ssl2_method) { return 0; }
			if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
			if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
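Review bot: The new `SSL2_METHOD` test in is_valid is independent of the `SSL2` test on the line above it, so a symbol tagged only SSL2_METHOD stays valid in a build configured with no-ssl2 but without no-ssl2-method. The changelog entry in this commit says that is the intent, with the functions returning NULL, but nothing at the check says so and the pair is easy to misread as redundant. I would add above that line `# no-ssl2 alone keeps the SSLv2 method symbols (they return NULL); only no-ssl2-method removes them`. is_valid and the option loop both continue outside the hunks.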