From 1d90f280297195f4f1fb42fdeecd0e6f5ee98366 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Thu, 6 Apr 2000 22:33:14 +0000
Subject: [PATCH] In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites
---
 CHANGES | 6 ++++++
 apps/ciphers.c | 5 +++++
 ssl/tls1.h | 11 +++++++++++
 3 files changed, 22 insertions(+)
diff --git a/CHANGES b/CHANGES
index 4269015fa..aa2081519 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) Add '-tls1' option to 'openssl ciphers', which was already
+ mentioned in the documentation but had not been implemented.
+ (This option is not yet really useful because even the additional
+ experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+ [Bodo Moeller]
+
 *) Initial DSO code added into libcrypto for letting OpenSSL (and OpenSSL-based applications) load shared libraries and bind to them in a portable way.
diff --git a/apps/ciphers.c b/apps/ciphers.c
index f8e9e7be2..72b2009e1 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -74,6 +74,7 @@ static char *ciphers_usage[]={
 " -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2 - SSL2 mode\n",
 " -ssl3 - SSL3 mode\n",
+" -tls1 - TLS1 mode\n",
 NULL };
@@ -121,6 +122,10 @@ int MAIN(int argc, char **argv)
 #ifndef NO_SSL3
 else if (strcmp(*argv,"-ssl3") == 0)
 meth=SSLv3_client_method();
+#endif
+#ifndef NO_TLS1
+ else if (strcmp(*argv,"-tls1") == 0)
+ meth=TLSv1_client_method();
 #endif
 else if ((strncmp(*argv,"-h",2) == 0) || (strcmp(*argv,"-?") == 0))
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 6e2b06d34..cf92ae034 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
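Review bot: The usage entry `" -tls1 - TLS1 mode\n",` in `ciphers_usage[]` is added unconditionally, while the option in `MAIN` is compiled only under `#ifndef NO_TLS1`, so a NO_TLS1 build advertises a flag it does not parse; the `-ssl2`/`-ssl3` entries appear to have the same mismatch. How an unrecognised `-tls1` is then handled is decided further down `MAIN`, outside the hunk. Because `openssl ciphers` is what people run to check which suites a protocol setting permits, and the CHANGES entry in this commit says the experimental TLS 1.0 ciphers are still treated as SSL 3.0 ciphers, I would add at the new branch `/* XXX: TLS 1.0-only suites are still classed as SSL 3.0, so this listing may not differ from -ssl3 */`.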
@@ -84,6 +84,10 @@ extern "C" {
 #define TLS1_AD_USER_CANCELLED 90
 #define TLS1_AD_NO_RENEGOTIATION 100
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
@@ -92,6 +96,13 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
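Review bot: The comment added above `TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5` says the suites are treated like SSL 3.0 ciphers "which we probably shouldn't", but it does not say what follows from that, and it lacks the `XXX` marker that the second new comment in this file uses for the same kind of open issue. These are 56-bit export-strength suites whose code points come from an -00 Internet-Draft, so the comment should record both facts and that the suites are available only when `TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES` is defined. Whether they can then also be selected on an SSL 3.0 connection is decided in s3_lib.c, outside this diff, and is worth confirming. Suggested extra line: `* XXX draft code points, 56-bit export strength; see s3_lib.c for how they are matched.`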