Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption.
This commit is contained in:
Dr. Stephen Henson
40
ssl/s3_lib.c
40
ssl/s3_lib.c
@@ -196,7 +196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_eNULL,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE,
|
||||
SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
0,
|
||||
0,
|
||||
@@ -326,7 +326,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -375,7 +375,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -423,7 +423,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -472,7 +472,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -520,7 +520,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -600,7 +600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -685,7 +685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
168,
|
||||
168,
|
||||
@@ -895,7 +895,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@@ -910,7 +910,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@@ -925,7 +925,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@@ -940,7 +940,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@@ -955,7 +955,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@@ -970,7 +970,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
@@ -986,7 +986,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@@ -1001,7 +1001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@@ -1017,7 +1017,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@@ -1033,7 +1033,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@@ -1049,7 +1049,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
@@ -1065,7 +1065,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
|
||||
Reference in New Issue
Block a user