CHANGES +4 −0 @@ -4,6 +4,10 @@ Changes between 1.0.2h and 1.1.0 [xx XXX xxxx] *) Because of the SWEET32 attack, 3DES cipher suites have been disabled by default like RC4. See the RC4 item below to re-enable both. [Rich Salz] *) The method for finding the storage location for the Windows RAND seed file has changed. First we check %RANDFILE%. If that is not set then we check the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If ssl/s3_lib.c +18 −0 @@ -97,6 +97,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -157,6 +158,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, #endif { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, @@ -849,6 +851,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, @@ -864,6 +867,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, @@ -909,6 +913,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, @@ -924,6 +929,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, @@ -969,6 +975,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, @@ -984,6 +991,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, @@ -1182,6 +1190,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
@@ -1197,6 +1206,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, @@ -1227,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1242,6 +1253,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, @@ -1272,6 +1284,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1287,6 +1300,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, @@ -1588,6 +1602,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, }, # ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1603,6 +1618,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, @@ -1712,6 +1728,7 @@ static SSL_CIPHER ssl3_ciphers[] = { #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, @@ -1757,6 +1774,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, test/cipherlist_test.c +0 −13 @@ -104,16 +104,6 @@ static const uint32_t default_ciphers_in_order[] = { TLS1_CK_DHE_RSA_WITH_AES_128_SHA, #endif #ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, # endif # ifndef OPENSSL_NO_DH SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, # endif #endif /* !OPENSSL_NO_DES */ #ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
@@ -123,9 +113,6 @@ static const uint32_t default_ciphers_in_order[] = { TLS1_CK_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, #ifndef OPENSSL_NO_DES SSL3_CK_RSA_DES_192_CBC3_SHA, #endif }; static int test_default_cipherlist(SSL_CTX *ctx)
CHANGES +4 −0 @@ -4,6 +4,10 @@ Changes between 1.0.2h and 1.1.0 [xx XXX xxxx] *) Because of the SWEET32 attack, 3DES cipher suites have been disabled by default like RC4. See the RC4 item below to re-enable both. [Rich Salz] *) The method for finding the storage location for the Windows RAND seed file has changed. First we check %RANDFILE%. If that is not set then we check the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If
ssl/s3_lib.c +18 −0 @@ -97,6 +97,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -157,6 +158,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, #endif { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, @@ -849,6 +851,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, @@ -864,6 +867,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, @@ -909,6 +913,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, @@ -924,6 +929,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, @@ -969,6 +975,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, @@ -984,6 +991,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, @@ -1182,6 +1190,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1197,6 +1206,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, @@ -1227,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1242,6 +1253,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
@@ -1272,6 +1284,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1287,6 +1300,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, @@ -1588,6 +1602,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, }, # ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1603,6 +1618,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, @@ -1712,6 +1728,7 @@ static SSL_CIPHER ssl3_ciphers[] = { #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, @@ -1757,6 +1774,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, # endif { 1, TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
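Review bot: The new `OPENSSL_NO_WEAK_SSL_CIPHERS` guards in `ssl3_ciphers[]` carry no comment saying why 3DES is now grouped with the weak suites, and the first pair (new lines 100 and 161, going by the hunk headers) encloses a stretch of the table that lies outside the hunks, so a reader cannot tell from here which entries it removes. A comment above the first guard would help, for example `/* 3DES suites (64-bit block, SWEET32): built only when weak SSL ciphers are enabled */`, with each closing line written as `#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */` so the long first block is easy to match up. Because the suites are compiled out rather than only dropped from the default list, a cipher string that names a 3DES suite will presumably select nothing in a default build, which is stricter than the CHANGES wording "disabled by default" suggests and is worth stating there. The companion change to test/cipherlist_test.c removes the 3DES entries from `default_ciphers_in_order[]` unconditionally, so it should be confirmed that the test still passes in a build configured with weak ciphers enabled, where these entries are compiled back in and may reappear in the default list.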
test/cipherlist_test.c +0 −13 @@ -104,16 +104,6 @@ static const uint32_t default_ciphers_in_order[] = { TLS1_CK_DHE_RSA_WITH_AES_128_SHA, #endif #ifndef OPENSSL_NO_DES # ifndef OPENSSL_NO_EC TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, # endif # ifndef OPENSSL_NO_DH SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, # endif #endif /* !OPENSSL_NO_DES */ #ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, @@ -123,9 +113,6 @@ static const uint32_t default_ciphers_in_order[] = { TLS1_CK_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, #ifndef OPENSSL_NO_DES SSL3_CK_RSA_DES_192_CBC3_SHA, #endif }; static int test_default_cipherlist(SSL_CTX *ctx)