generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites

Browse Source
This commit is contained in:
Bodo Möller 2000-04-06 22:33:14 +00:00
parent 8acdd759b9
commit 1d90f28029
3 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -4,6 +4,12 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) Add '-tls1' option to 'openssl ciphers', which was already
mentioned in the documentation but had not been implemented.
(This option is not yet really useful because even the additional
experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
[Bodo Moeller]
*) Initial DSO code added into libcrypto for letting OpenSSL (and *) Initial DSO code added into libcrypto for letting OpenSSL (and
OpenSSL-based applications) load shared libraries and bind to OpenSSL-based applications) load shared libraries and bind to
them in a portable way. them in a portable way.

5
apps/ciphers.c
View File

@ -74,6 +74,7 @@ static char *ciphers_usage[]={
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", " -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
" -ssl2 - SSL2 mode\n", " -ssl2 - SSL2 mode\n",
" -ssl3 - SSL3 mode\n", " -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
NULL NULL
}; };
@ -121,6 +122,10 @@ int MAIN(int argc, char **argv)
#ifndef NO_SSL3 #ifndef NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0) else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method(); meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif #endif
else if ((strncmp(*argv,"-h",2) == 0) || else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0)) (strcmp(*argv,"-?") == 0))

11
ssl/tls1.h
View File

@ -84,6 +84,10 @@ extern "C" {
#define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_USER_CANCELLED 90
#define TLS1_AD_NO_RENEGOTIATION 100 #define TLS1_AD_NO_RENEGOTIATION 100
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
* s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
* shouldn't. */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
@ -92,6 +96,13 @@ extern "C" {
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
/* XXX
* Inconsistency alert:
* The OpenSSL names of ciphers with ephemeral DH here include the string
* "DHE", while elsewhere it has always been "EDH".
* (The alias for the list of all such ciphers also is "EDH".)
* The specifications speak of "EDH"; maybe we should allow both forms
* for everything. */
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"