SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
parent
0ec0104335
commit
0fff506588
2 changed files with 21 additions and 17 deletions
4
CHANGES
4
CHANGES
|
@ -6,6 +6,10 @@
|
|||
|
||||
*)
|
||||
|
||||
*) In order to mitigate the SWEET32 attack (CVE-2016-2183),
|
||||
the DES ciphers were moved from HIGH to MEDIUM.
|
||||
[Rich Salz]
|
||||
|
||||
Changes between 1.0.2g and 1.0.2h [3 May 2016]
|
||||
|
||||
*) Prevent padding oracle in AES-NI CBC MAC check
|
||||
|
|
34
ssl/s3_lib.c
34
ssl/s3_lib.c
|
@ -329,7 +329,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -382,7 +382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -434,7 +434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -487,7 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -539,7 +539,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -625,7 +625,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -712,7 +712,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -778,7 +778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -1728,7 +1728,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2120,7 +2120,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2200,7 +2200,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2280,7 +2280,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2360,7 +2360,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2440,7 +2440,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2490,7 +2490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2506,7 +2506,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
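Review bot: The reclassified SSL_3DES entries (all seventeen hunks in ssl3_ciphers[]) change only the strength class, so a 3DES suite is dropped only for cipher strings that select by `HIGH`; strings that also admit `MEDIUM`, or that name the suites explicitly, will presumably keep negotiating them, and only the two entries at -625 and -2440 carry `SSL_NOT_DEFAULT`. The CHANGES entry should say this, so operators know to audit their cipher strings (for example by excluding `3DES`) rather than assume the upgrade alone removes the 64-bit block cipher. Since the strength fields stay at `112, 168`, a one-line comment on each entry such as `/* MEDIUM: 64-bit block size, SWEET32 (CVE-2016-2183) */` would stop a later cleanup from moving them back to HIGH on key length alone. Each hunk shows only part of an initializer that starts and ends outside it.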