Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA
Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
This commit is contained in:
parent
889f39c70f
commit
4b5cce664c
3 changed files with 32 additions and 6 deletions
12
ssl/s3_lib.c
12
ssl/s3_lib.c
|
@ -428,7 +428,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||||
/* Cipher 11 */
|
/* Cipher 11 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
|
SSL3_TXT_DHE_DSS_DES_40_CBC_SHA,
|
||||||
SSL3_CK_DHE_DSS_DES_40_CBC_SHA,
|
SSL3_CK_DHE_DSS_DES_40_CBC_SHA,
|
||||||
SSL_kDHE,
|
SSL_kDHE,
|
||||||
SSL_aDSS,
|
SSL_aDSS,
|
||||||
|
@ -444,7 +444,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||||
/* Cipher 12 */
|
/* Cipher 12 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
|
SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,
|
||||||
SSL3_CK_DHE_DSS_DES_64_CBC_SHA,
|
SSL3_CK_DHE_DSS_DES_64_CBC_SHA,
|
||||||
SSL_kDHE,
|
SSL_kDHE,
|
||||||
SSL_aDSS,
|
SSL_aDSS,
|
||||||
|
@ -460,7 +460,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||||
/* Cipher 13 */
|
/* Cipher 13 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
|
SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
|
||||||
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
|
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
|
||||||
SSL_kDHE,
|
SSL_kDHE,
|
||||||
SSL_aDSS,
|
SSL_aDSS,
|
||||||
|
@ -476,7 +476,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||||
/* Cipher 14 */
|
/* Cipher 14 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
|
SSL3_TXT_DHE_RSA_DES_40_CBC_SHA,
|
||||||
SSL3_CK_DHE_RSA_DES_40_CBC_SHA,
|
SSL3_CK_DHE_RSA_DES_40_CBC_SHA,
|
||||||
SSL_kDHE,
|
SSL_kDHE,
|
||||||
SSL_aRSA,
|
SSL_aRSA,
|
||||||
|
@ -492,7 +492,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||||
/* Cipher 15 */
|
/* Cipher 15 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
|
SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,
|
||||||
SSL3_CK_DHE_RSA_DES_64_CBC_SHA,
|
SSL3_CK_DHE_RSA_DES_64_CBC_SHA,
|
||||||
SSL_kDHE,
|
SSL_kDHE,
|
||||||
SSL_aRSA,
|
SSL_aRSA,
|
||||||
|
@ -508,7 +508,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
||||||
/* Cipher 16 */
|
/* Cipher 16 */
|
||||||
{
|
{
|
||||||
1,
|
1,
|
||||||
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
|
SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
|
||||||
SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
|
SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
|
||||||
SSL_kDHE,
|
SSL_kDHE,
|
||||||
SSL_aRSA,
|
SSL_aRSA,
|
||||||
|
|
11
ssl/ssl3.h
11
ssl/ssl3.h
|
@ -214,6 +214,17 @@ extern "C" {
|
||||||
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
|
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
|
||||||
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
|
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
|
||||||
|
|
||||||
|
#define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
|
||||||
|
#define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
|
||||||
|
#define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
|
||||||
|
#define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
|
||||||
|
#define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
|
||||||
|
#define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
|
||||||
|
|
||||||
|
/* This next block of six "EDH" labels is for backward compatibility
|
||||||
|
with older versions of OpenSSL. New code should use the six "DHE"
|
||||||
|
labels above instead:
|
||||||
|
*/
|
||||||
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
|
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
|
||||||
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
|
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
|
||||||
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
|
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
|
||||||
|
|
|
@ -330,6 +330,21 @@ static const SSL_CIPHER cipher_aliases[]={
|
||||||
{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
|
{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
|
||||||
/* FIPS 140-2 approved ciphersuite */
|
/* FIPS 140-2 approved ciphersuite */
|
||||||
{0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
|
{0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
|
||||||
|
|
||||||
|
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
|
||||||
|
{0,SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,0,
|
||||||
|
SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
|
||||||
|
{0,SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,0,
|
||||||
|
SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
|
||||||
|
{0,SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,0,
|
||||||
|
SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
|
||||||
|
{0,SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,0,
|
||||||
|
SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
|
||||||
|
{0,SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,0,
|
||||||
|
SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
|
||||||
|
{0,SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,0,
|
||||||
|
SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
|
||||||
|
|
||||||
};
|
};
|
||||||
/* Search for public key algorithm with given name and
|
/* Search for public key algorithm with given name and
|
||||||
* return its pkey_id if it is available. Otherwise return 0
|
* return its pkey_id if it is available. Otherwise return 0
|
||||||
|
|
Loading…
Reference in a new issue