generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable invalid ciphersuites

Browse Source
This commit is contained in:
Bodo Möller 2006-06-14 17:51:46 +00:00
parent 89bbe14c50
commit 5b57fe0a1e
2 changed files with 31 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
CHANGES
View File

@ -250,21 +250,6 @@
implementations, between 32- and 64-bit builds without hassle. implementations, between 32- and 64-bit builds without hassle.
[Andy Polyakov] [Andy Polyakov]
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt
remain enabled for now, but are just as unofficial, and the ID
has long expired; these will probably disappear soon.
[Bodo Moeller]
*) Move code previously exiled into file crypto/ec/ec2_smpt.c *) Move code previously exiled into file crypto/ec/ec2_smpt.c
to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
macro. macro.
@ -322,6 +307,21 @@
Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] Changes between 0.9.8b and 0.9.8c [xx XXX xxxx]
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Also deactive the remaining ciphersuites from
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
unofficial, and the ID has long expired.
[Bodo Moeller]
*) Fix RSA blinding Heisenbug (problems sometimes occured on *) Fix RSA blinding Heisenbug (problems sometimes occured on
dual-core machines) and other potential thread-safety issues. dual-core machines) and other potential thread-safety issues.
[Bodo Moeller] [Bodo Moeller]
@ -1248,6 +1248,21 @@
Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] Changes between 0.9.7j and 0.9.7k [xx XXX xxxx]
*) Disable rogue ciphersuites:
- SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
The latter two were purportedly from
draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
appear there.
Also deactive the remaining ciphersuites from
draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
unofficial, and the ID has long expired.
[Bodo Moeller]
*) Fix RSA blinding Heisenbug (problems sometimes occured on *) Fix RSA blinding Heisenbug (problems sometimes occured on
dual-core machines) and other potential thread-safety issues. dual-core machines) and other potential thread-safety issues.
[Bodo Moeller] [Bodo Moeller]

2
ssl/tls1.h
View File

@ -157,7 +157,7 @@
extern "C" { extern "C" {
#endif #endif
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
#define TLS1_VERSION 0x0301 #define TLS1_VERSION 0x0301
#define TLS1_VERSION_MAJOR 0x03 #define TLS1_VERSION_MAJOR 0x03