Disable SSLv2 default build, default negotiation and weak ciphers.

SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Mitigation for CVE-2016-0800 Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-17 21:07:48 -05:00
parent c175308407
commit 9dfd2be8a1
6 changed files with 42 additions and 3 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2054,6 +2054,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     */
    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

+    /*
+     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+     * explicitly clear this option via either of SSL_CTX_clear_options() or
+     * SSL_clear_options().
+     */
+    ret->options |= SSL_OP_NO_SSLv2;
+
    return (ret);
 err:
    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);