Put DES into "not default" category. (ef28891b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+3 −2

Original line number	Diff line number	Diff line
		@@ -4,8 +4,9 @@

		Changes between 1.0.2h and 1.1.0 [xx XXX xxxx]

		*) Because of the SWEET32 attack, 3DES cipher suites have been disabled by
		default like RC4. See the RC4 item below to re-enable both.
		*) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
		have been disabled by default and removed from DEFAULT, just like RC4.
		See the RC4 item below to re-enable both.
		[Rich Salz]

		*) The method for finding the storage location for the Windows RAND seed file

ssl/s3_lib.c

+11 −11

Original line number	Diff line number	Diff line
		@@ -57,7 +57,7 @@
		#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)

		/*
		* The list of available ciphers, organized into the following
		* The list of available ciphers, mostly organized into the following
		* groups:
		* Always there
		* EC
		@@ -108,7 +108,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -138,7 +138,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -862,7 +862,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -924,7 +924,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1201,7 +1201,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1248,7 +1248,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1295,7 +1295,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1613,7 +1613,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM \| SSL_FIPS,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1739,7 +1739,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,
		@@ -1754,7 +1754,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_MEDIUM,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		112,
		168,