Remove export static DH ciphersuites
Remove support for the two export grade static DH ciphersuites. These two
ciphersuites were newly added (along with a number of other static DH
ciphersuites) to 1.0.2. However the two export ones have *never* worked
since they were introduced. It seems strange in any case to be adding new
export ciphersuites, and given "logjam" it also does not seem correct to
fix them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 13f8eb4730)
Conflicts:
CHANGES
This commit is contained in:
Matt Caswell
parent
c6eb1cbd1e
commit
595487ea19
3 changed files with 10 additions and 4 deletions
8
CHANGES
8
CHANGES
|
|
@ -4,6 +4,14 @@
|
|||
|
||||
Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
|
||||
|
||||
*) Removed support for the two export grade static DH ciphersuites
|
||||
EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
|
||||
were newly added (along with a number of other static DH ciphersuites) to
|
||||
1.0.2. However the two export ones have *never* worked since they were
|
||||
introduced. It seems strange in any case to be adding new export
|
||||
ciphersuites, and given "logjam" it also does not seem correct to fix them.
|
||||
[Matt Caswell]
|
||||
|
||||
*) Only support 256-bit or stronger elliptic curves with the
|
||||
'ecdh_auto' setting (server) or by default (client). Of supported
|
||||
curves, prefer P-256 (both).
|
||||
|
|
|
|||
|
|
@ -365,10 +365,8 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
|
|||
SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
|
||||
|
||||
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DH-DSS-DES-CBC-SHA
|
||||
SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA
|
||||
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
|
||||
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DH-RSA-DES-CBC-SHA
|
||||
SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA
|
||||
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
|
||||
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
|
||||
|
|
|
|||
|
|
@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
/* The DH ciphers */
|
||||
/* Cipher 0B */
|
||||
{
|
||||
1,
|
||||
0,
|
||||
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
|
||||
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
|
||||
SSL_kDHd,
|
||||
|
|
@ -378,7 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
|
||||
/* Cipher 0E */
|
||||
{
|
||||
1,
|
||||
0,
|
||||
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
|
||||
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
|
||||
SSL_kDHr,
|
||||
|
|
|
|||
Loading…
Reference in a new issue