Remove ECDH(E) ciphers from SSLv3 (fe55c4a2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s3_lib.c

+20 −20

Original line number	Diff line number	Diff line
		@@ -931,7 +931,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aECDSA,
		SSL_eNULL,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_STRONG_NONE \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -947,7 +947,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aECDSA,
		SSL_3DES,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -963,7 +963,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aECDSA,
		SSL_AES128,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -978,7 +978,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aECDSA,
		SSL_AES256,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -993,7 +993,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aRSA,
		SSL_eNULL,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_STRONG_NONE \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1009,7 +1009,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aRSA,
		SSL_3DES,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1025,7 +1025,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aRSA,
		SSL_AES128,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1040,7 +1040,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aRSA,
		SSL_AES256,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1055,7 +1055,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aNULL,
		SSL_eNULL,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_STRONG_NONE \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1071,7 +1071,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aNULL,
		SSL_3DES,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1087,7 +1087,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aNULL,
		SSL_AES128,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1102,7 +1102,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aNULL,
		SSL_AES256,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_NOT_DEFAULT \| SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1698,7 +1698,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aPSK,
		SSL_3DES,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_NOT_DEFAULT \| SSL_MEDIUM \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1714,7 +1714,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aPSK,
		SSL_AES128,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1729,7 +1729,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aPSK,
		SSL_AES256,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_HIGH \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -1774,7 +1774,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aPSK,
		SSL_eNULL,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		DTLS1_BAD_VER, DTLS1_2_VERSION,
		SSL_STRONG_NONE \| SSL_FIPS,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -2701,7 +2701,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aPSK,
		SSL_RC4,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		0, 0,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -2716,7 +2716,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aNULL,
		SSL_RC4,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		0, 0,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -2731,7 +2731,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aECDSA,
		SSL_RC4,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		0, 0,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,
		@@ -2746,7 +2746,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
		SSL_aRSA,
		SSL_RC4,
		SSL_SHA1,
		SSL3_VERSION, TLS1_2_VERSION,
		TLS1_VERSION, TLS1_2_VERSION,
		0, 0,
		SSL_NOT_DEFAULT \| SSL_MEDIUM,
		SSL_HANDSHAKE_MAC_DEFAULT \| TLS1_PRF,

Admin message