Loading CHANGES +15 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,21 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Also deactive the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] Loading ssl/s2_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -179,7 +179,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ #if 1 #if 0 { 1, SSL2_TXT_RC4_64_WITH_MD5, Loading ssl/s3_lib.c +3 −1 Original line number Diff line number Diff line Loading @@ -734,7 +734,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES /* New TLS Export CipherSuites */ /* New TLS Export CipherSuites from expired ID */ #if 0 /* Cipher 60 */ { 1, Loading @@ -761,6 +762,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* Cipher 62 */ { 1, Loading ssl/tls1.h +1 −1 Original line number Diff line number Diff line Loading @@ -65,7 +65,7 @@ extern "C" { #endif #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 Loading Loading
CHANGES +15 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,21 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] *) Disable rogue ciphersuites: - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really appear there. Also deactive the remaining ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as unofficial, and the ID has long expired. [Bodo Moeller] *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] Loading
ssl/s2_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -179,7 +179,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ #if 1 #if 0 { 1, SSL2_TXT_RC4_64_WITH_MD5, Loading
ssl/s3_lib.c +3 −1 Original line number Diff line number Diff line Loading @@ -734,7 +734,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES /* New TLS Export CipherSuites */ /* New TLS Export CipherSuites from expired ID */ #if 0 /* Cipher 60 */ { 1, Loading @@ -761,6 +762,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* Cipher 62 */ { 1, Loading
ssl/tls1.h +1 −1 Original line number Diff line number Diff line Loading @@ -65,7 +65,7 @@ extern "C" { #endif #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 Loading
