Commit d804f86b authored by Bodo Möller's avatar Bodo Möller

disable some invalid ciphersuites

parent 8dee9f84
+15 −0
@@ -4,6 +4,21 @@

 Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]

  *) Disable rogue ciphersuites:

      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")

     The latter two were purportedly from
     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
     appear there.

     Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt
     remain enabled for now, but are just as unofficial, and the ID
     has long expired; these will probably disappear soon.
     [Bodo Moeller]

  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
     macro.
+1 −1
@@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
	SSL_ALL_STRENGTHS,
	},
/* RC4_64_WITH_MD5 */
#if 1
#if 0
	{
	1,
	SSL2_TXT_RC4_64_WITH_MD5,
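Review bot: The bare `#if 0` that now guards the RC4_64_WITH_MD5 entry of ssl2_ciphers[] gives no reason for the exclusion, so a later reader cannot tell a deliberate security decision from leftover debugging and may flip it back. The same applies to the `#if 0` / `#endif` pair added around ciphers 60 and 61 in ssl3_ciphers[]. I would put the reason on the directive itself, e.g. `#if 0 /* disabled: not a valid SSLv2 ciphersuite (0x08 0x00 0x80) */`, and label the closing `#endif` in the ssl3 table in the same way. The table entry continues outside this hunk, so whether anything else depends on the entry count or on SSL2_TXT_RC4_64_WITH_MD5 cannot be checked from here.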
+3 −1
@@ -1213,7 +1213,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
#endif	/* OPENSSL_NO_ECDH */

#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
	/* New TLS Export CipherSuites */
	/* New TLS Export CipherSuites from expired ID */
#if 0
	/* Cipher 60 */
	    {
	    1,
@@ -1240,6 +1241,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
	    SSL_ALL_CIPHERS,
	    SSL_ALL_STRENGTHS,
	    },
#endif
	/* Cipher 62 */
	    {
	    1,
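Review bot: Cipher 62 and the entries after it stay in ssl3_ciphers[] whenever TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is non-zero, and the only in-code hint of their status is the reworded comment `/* New TLS Export CipherSuites from expired ID */`. These are the export-grade suites from the 56-bit draft, so the intent should be stated where someone auditing the table will see it, e.g. `/* Unofficial 56-bit export suites from an expired ID; still enabled for now, candidates for removal */` placed directly above `/* Cipher 62 */`. Whether the macro is on by default is not visible in these hunks and is worth confirming before relying on it as a gate. The table entries begin and end outside both hunks.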
+5 −4
@@ -97,12 +97,13 @@ extern "C" {
#define TLS1_AD_USER_CANCELLED		90
#define TLS1_AD_NO_RENEGOTIATION	100

/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
/* Additional TLS ciphersuites from expired Internet Draft
 * draft-ietf-tls-56-bit-ciphersuites-01.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
 * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
 * shouldn't. */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
 * shouldn't.  Note that the first two are actually not in the IDs. */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060 /* not in ID */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061 /* not in ID */
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
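Review bot: The header comment still describes these suites as `available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined`, which no longer holds for 0x03000060 and 0x03000061 now that their table entries are compiled out. The new `/* not in ID */` tags say where the values do not come from, but not that the suites can no longer be negotiated. I would make the trailing comments `/* not in ID; entry disabled in ssl3_ciphers[] */`, so that code referencing these constants is not assumed to name a usable suite. The list of defines may continue past the end of the hunk.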