disable AES ciphersuites unless explicitly requested

CHANGES

@@ -1021,9 +1021,16 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
   *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
      handle the new API. Currently only ECB, CBC modes supported. Add new
-     AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
-     for TLS" draft-ietf-tls-ciphersuite-03.txt.
-     [Ben Laurie, Steve Henson]
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in the "AES Ciphersuites
+     for TLS" draft-ietf-tls-ciphersuite-03.txt. As these are not yet
+     official, they are not enabled by default and are not even part
+     of the "ALL" ciphersuite alias; for now, they must be explicitly
+     requested by specifying the new "AESdraft" ciphersuite alias. If
+     you want the default ciphersuite list plus the new ciphersuites,
+     use "DEFAULT:AESdraft:@STRENGTH".
+     [Ben Laurie, Steve Henson, Bodo Moeller]
 
   *) New function OCSP_copy_nonce() to copy nonce value (if present) from
      request to response.

ssl/ssl.h

@@ -253,7 +253,7 @@ extern "C" {
 #define SSL_TXT_RC4		"RC4"
 #define SSL_TXT_RC2		"RC2"
 #define SSL_TXT_IDEA		"IDEA"
-#define SSL_TXT_AES		"AES"
+#define SSL_TXT_AES		"AESdraft" /* AES ciphersuites are not yet official (thus excluded from 'ALL') */
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
@@ -266,9 +266,10 @@ extern "C" {
 #define SSL_TXT_TLSV1		"TLSv1"
 #define SSL_TXT_ALL		"ALL"
 
-/* 'DEFAULT' at the start of the cipher list insert the following string
- * in addition to this being the default cipher string */
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+/* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:@STRENGTH"
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN	1

ssl/ssl_ciph.c

@@ -100,8 +100,9 @@ typedef struct cipher_order_st
 	} CIPHER_ORDER;
 
 static const SSL_CIPHER cipher_aliases[]={
-	/* Don't include eNULL unless specifically enabled */
-	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+	/* Don't include eNULL unless specifically enabled.
+	 * Similarly, don't include AES in ALL because these ciphers are not yet official. */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
         {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
@@ -998,10 +999,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_AES:
 		switch(cipher->strength_bits)
 			{
-		case 128: enc="AES(128)"; break;
-		case 192: enc="AES(192)"; break;
-		case 256: enc="AES(256)"; break;
-		default: enc="AES(?""?""?)"; break;
+		case 128: enc="AESdraft(128)"; break;
+		case 192: enc="AESdraft(192)"; break;
+		case 256: enc="AESdraft(256)"; break;
+		default: enc="AESdraft(?""?""?)"; break;
 			}
 		break;
 	default:

ssl/tls1.h

@@ -127,19 +127,19 @@ extern "C" {
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
   /* AES ciphersuites from draft ietf-tls-ciphersuite-03.txt */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
+#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AESdraft128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AESdraft128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AESdraft128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AESdraft128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AESdraft128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AESdraft128-SHA"
 
-#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
+#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AESdraft256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AESdraft256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AESdraft256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AESdraft256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AESdraft256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AESdraft256-SHA"
 
 
 #define TLS_CT_RSA_SIGN			1