Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA

Replace the full ciphersuites with "EDH-" in their labels with "DHE-"
so that all DHE ciphersuites are referred to in the same way.

Leave backward-compatible aliases for the ciphersuites in question so
that configurations which specify these explicitly will continue
working.
This commit is contained in:
Daniel Kahn Gillmor 2013-12-20 02:28:10 -05:00 committed by Dr. Stephen Henson
parent 889f39c70f
commit 4b5cce664c
3 changed files with 32 additions and 6 deletions

View file

@ -428,7 +428,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* Cipher 11 */ /* Cipher 11 */
{ {
1, 1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, SSL3_TXT_DHE_DSS_DES_40_CBC_SHA,
SSL3_CK_DHE_DSS_DES_40_CBC_SHA, SSL3_CK_DHE_DSS_DES_40_CBC_SHA,
SSL_kDHE, SSL_kDHE,
SSL_aDSS, SSL_aDSS,
@ -444,7 +444,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* Cipher 12 */ /* Cipher 12 */
{ {
1, 1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,
SSL3_CK_DHE_DSS_DES_64_CBC_SHA, SSL3_CK_DHE_DSS_DES_64_CBC_SHA,
SSL_kDHE, SSL_kDHE,
SSL_aDSS, SSL_aDSS,
@ -460,7 +460,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* Cipher 13 */ /* Cipher 13 */
{ {
1, 1,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
SSL_kDHE, SSL_kDHE,
SSL_aDSS, SSL_aDSS,
@ -476,7 +476,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* Cipher 14 */ /* Cipher 14 */
{ {
1, 1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, SSL3_TXT_DHE_RSA_DES_40_CBC_SHA,
SSL3_CK_DHE_RSA_DES_40_CBC_SHA, SSL3_CK_DHE_RSA_DES_40_CBC_SHA,
SSL_kDHE, SSL_kDHE,
SSL_aRSA, SSL_aRSA,
@ -492,7 +492,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* Cipher 15 */ /* Cipher 15 */
{ {
1, 1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,
SSL3_CK_DHE_RSA_DES_64_CBC_SHA, SSL3_CK_DHE_RSA_DES_64_CBC_SHA,
SSL_kDHE, SSL_kDHE,
SSL_aRSA, SSL_aRSA,
@ -508,7 +508,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
/* Cipher 16 */ /* Cipher 16 */
{ {
1, 1,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
SSL_kDHE, SSL_kDHE,
SSL_aRSA, SSL_aRSA,

View file

@ -214,6 +214,17 @@ extern "C" {
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
#define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
#define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
#define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
#define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
#define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
#define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
/* This next block of six "EDH" labels is for backward compatibility
with older versions of OpenSSL. New code should use the six "DHE"
labels above instead:
*/
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"

View file

@ -330,6 +330,21 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
/* FIPS 140-2 approved ciphersuite */ /* FIPS 140-2 approved ciphersuite */
{0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
{0,SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,0,
SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
{0,SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,0,
SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
{0,SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,0,
SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
{0,SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,0,
SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
{0,SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,0,
SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
{0,SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,0,
SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
}; };
/* Search for public key algorithm with given name and /* Search for public key algorithm with given name and
* return its pkey_id if it is available. Otherwise return 0 * return its pkey_id if it is available. Otherwise return 0