In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites
This commit is contained in:
Bodo Möller
parent
8acdd759b9
commit
1d90f28029
6
CHANGES
6
CHANGES
@ -4,6 +4,12 @@
|
||||
|
||||
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
|
||||
|
||||
*) Add '-tls1' option to 'openssl ciphers', which was already
|
||||
mentioned in the documentation but had not been implemented.
|
||||
(This option is not yet really useful because even the additional
|
||||
experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Initial DSO code added into libcrypto for letting OpenSSL (and
|
||||
OpenSSL-based applications) load shared libraries and bind to
|
||||
them in a portable way.
|
||||
|
||||
@ -74,6 +74,7 @@ static char *ciphers_usage[]={
|
||||
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
|
||||
" -ssl2 - SSL2 mode\n",
|
||||
" -ssl3 - SSL3 mode\n",
|
||||
" -tls1 - TLS1 mode\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -121,6 +122,10 @@ int MAIN(int argc, char **argv)
|
||||
#ifndef NO_SSL3
|
||||
else if (strcmp(*argv,"-ssl3") == 0)
|
||||
meth=SSLv3_client_method();
|
||||
#endif
|
||||
#ifndef NO_TLS1
|
||||
else if (strcmp(*argv,"-tls1") == 0)
|
||||
meth=TLSv1_client_method();
|
||||
#endif
|
||||
else if ((strncmp(*argv,"-h",2) == 0) ||
|
||||
(strcmp(*argv,"-?") == 0))
|
||||
|
||||
11
ssl/tls1.h
11
ssl/tls1.h
@ -84,6 +84,10 @@ extern "C" {
|
||||
#define TLS1_AD_USER_CANCELLED 90
|
||||
#define TLS1_AD_NO_RENEGOTIATION 100
|
||||
|
||||
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
|
||||
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
|
||||
* s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
|
||||
* shouldn't. */
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
|
||||
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
|
||||
@ -92,6 +96,13 @@ extern "C" {
|
||||
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
|
||||
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
|
||||
|
||||
/* XXX
|
||||
* Inconsistency alert:
|
||||
* The OpenSSL names of ciphers with ephemeral DH here include the string
|
||||
* "DHE", while elsewhere it has always been "EDH".
|
||||
* (The alias for the list of all such ciphers also is "EDH".)
|
||||
* The specifications speak of "EDH"; maybe we should allow both forms
|
||||
* for everything. */
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
|
||||
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user