Remove LOW from the default (6e7a1f35) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+3 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,9 @@

		Changes between 1.0.1s and 1.0.1t [xx XXX xxxx]

		*)
		*) Remove LOW from the DEFAULT cipher list. This removes singles DES from the
		default.
		[Kurt Roeckx]

		Changes between 1.0.1r and 1.0.1s [1 Mar 2016]

doc/apps/ciphers.pod

+1 −1

Original line number	Diff line number	Diff line
		@@ -107,7 +107,7 @@ The following is a list of all permitted cipher strings and their meanings.

		The default cipher list.
		This is determined at compile time and is normally
		B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
		B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
		When used, this must be the first cipherstring specified.

		=item B<COMPLEMENTOFDEFAULT>

ssl/s2_lib.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -150,7 +150,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		0,
		128,
		128,
		@@ -167,7 +167,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV2,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		128,
		@@ -184,7 +184,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		0,
		128,
		128,
		@@ -201,7 +201,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV2,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL2_CF_5_BYTE_ENC,
		40,
		128,
		@@ -219,7 +219,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_IDEA,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		0,
		128,
		128,
		@@ -237,7 +237,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_DES,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		0,
		56,
		56,
		@@ -254,7 +254,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_3DES,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH,
		0,
		112,
		168,
		@@ -271,7 +271,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV2,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL2_CF_8_BYTE_ENC,
		64,
		64,

ssl/s3_lib.c

+44 −44

Original line number	Diff line number	Diff line
		@@ -213,7 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -263,7 +263,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -299,7 +299,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -317,7 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -352,7 +352,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -370,7 +370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -404,7 +404,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -422,7 +422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -457,7 +457,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -475,7 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -509,7 +509,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -527,7 +527,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -561,7 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -578,7 +578,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -595,7 +595,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -613,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -630,7 +630,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_3DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -700,7 +700,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -766,7 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_MD5,
		SSL_SSLV3,
		SSL_NOT_EXP \| SSL_LOW,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_LOW,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -832,7 +832,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -850,7 +850,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -868,7 +868,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -886,7 +886,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		56,
		@@ -904,7 +904,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -922,7 +922,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_SSLV3,
		SSL_EXPORT \| SSL_EXP40,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP40,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		40,
		128,
		@@ -1016,7 +1016,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1111,7 +1111,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1307,7 +1307,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA128,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1327,7 +1327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_MD5,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1343,7 +1343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC2,
		SSL_MD5,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1361,7 +1361,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -1379,7 +1379,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_DES,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		56,
		@@ -1397,7 +1397,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1415,7 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_EXPORT \| SSL_EXP56,
		SSL_NOT_DEFAULT \| SSL_EXPORT \| SSL_EXP56,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		56,
		128,
		@@ -1530,7 +1530,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -1546,7 +1546,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_CAMELLIA256,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,
		@@ -1865,7 +1865,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_SEED,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2045,7 +2045,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128GCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_SHA256 \| TLS1_PRF_SHA256,
		128,
		128,
		@@ -2061,7 +2061,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256GCM,
		SSL_AEAD,
		SSL_TLSV1_2,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
		256,
		256,
		@@ -2414,7 +2414,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_RC4,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2430,7 +2430,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_3DES,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -2446,7 +2446,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES128,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		128,
		128,
		@@ -2462,7 +2462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
		SSL_AES256,
		SSL_SHA1,
		SSL_TLSV1,
		SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_NOT_EXP \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		256,
		256,

ssl/ssl.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -334,7 +334,7 @@ extern "C" {
		* The following cipher list is used by default. It also is substituted when
		* an application-defined cipher list string starts with 'DEFAULT'.
		*/
		# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
		# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
		/*
		* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
		* starts with a reasonable order, and all we have to do for DEFAULT is