Loading CHANGES +30 −15 Original line number Diff line number Diff line Loading @@ -250,21 +250,6 @@ implementations, between 32- and 64-bit builds without hassle. [Andy Polyakov] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt remain enabled for now, but are just as unofficial, and the ID has long expired; these will probably disappear soon. [Bodo Moeller] *) Move code previously exiled into file crypto/ec/ec2_smpt.c to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP macro. Loading Loading @@ -322,6 +307,21 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Also deactive the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] Loading Loading @@ -1248,6 +1248,21 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Also deactive the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] Loading ssl/tls1.h +1 −1 Original line number Diff line number Diff line Loading @@ -157,7 +157,7 @@ extern "C" { #endif #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 Loading Loading
CHANGES +30 −15 Original line number Diff line number Diff line Loading @@ -250,21 +250,6 @@ implementations, between 32- and 64-bit builds without hassle. [Andy Polyakov] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt remain enabled for now, but are just as unofficial, and the ID has long expired; these will probably disappear soon. [Bodo Moeller] *) Move code previously exiled into file crypto/ec/ec2_smpt.c to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP macro. Loading Loading @@ -322,6 +307,21 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Also deactive the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] Loading Loading @@ -1248,6 +1248,21 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Also deactive the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] Loading
ssl/tls1.h +1 −1 Original line number Diff line number Diff line Loading @@ -157,7 +157,7 @@ extern "C" { #endif #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 Loading
