From 5e3d21fef150f020e2d33439401da8f7e311aa24 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 13 Nov 2015 12:52:51 +0000 Subject: [PATCH] Use SSL_TLSV1 only if at least TLS v1.0 is needed. Reviewed-by: Matt Caswell --- ssl/s3_lib.c | 172 ++++++++++++++++++++++++------------------------- ssl/ssl_ciph.c | 2 +- 2 files changed, 87 insertions(+), 87 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8b1276174b..13bf3187d5 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -608,7 +608,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -623,7 +623,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -638,7 +638,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -656,7 +656,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -671,7 +671,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -686,7 +686,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -701,7 +701,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -716,7 +716,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -731,7 +731,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -747,7 +747,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -762,7 +762,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -778,7 +778,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -794,7 +794,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -810,7 +810,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -826,7 +826,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -942,7 +942,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -958,7 +958,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -974,7 +974,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -990,7 +990,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1006,7 +1006,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1022,7 +1022,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_CAMELLIA128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1153,7 +1153,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aGOST01, SSL_eGOST2814789CNT, SSL_GOST89MAC, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, @@ -1167,7 +1167,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aGOST01, SSL_eNULL, SSL_GOST94, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, @@ -1186,7 +1186,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1201,7 +1201,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1217,7 +1217,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1233,7 +1233,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1249,7 +1249,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1265,7 +1265,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_CAMELLIA256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1284,7 +1284,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1300,7 +1300,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -1316,7 +1316,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1332,7 +1332,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1348,7 +1348,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1364,7 +1364,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -1380,7 +1380,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1396,7 +1396,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1412,7 +1412,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1428,7 +1428,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -1444,7 +1444,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1460,7 +1460,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -1480,7 +1480,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1496,7 +1496,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1512,7 +1512,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDH, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1528,7 +1528,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1544,7 +1544,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -1560,7 +1560,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_SEED, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2277,7 +2277,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -2293,7 +2293,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2309,7 +2309,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2325,7 +2325,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2341,7 +2341,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2357,7 +2357,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -2373,7 +2373,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2389,7 +2389,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2405,7 +2405,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2421,7 +2421,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2437,7 +2437,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -2453,7 +2453,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2469,7 +2469,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2485,7 +2485,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2501,7 +2501,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aECDH, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2517,7 +2517,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -2533,7 +2533,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2549,7 +2549,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2565,7 +2565,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2581,7 +2581,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2597,7 +2597,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, @@ -2613,7 +2613,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2629,7 +2629,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2645,7 +2645,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2661,7 +2661,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aNULL, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2679,7 +2679,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aSRP, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2695,7 +2695,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2711,7 +2711,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -2727,7 +2727,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aSRP, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2743,7 +2743,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2759,7 +2759,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -2775,7 +2775,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aSRP, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2791,7 +2791,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -2807,7 +2807,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aDSS, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -3086,7 +3086,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_RC4, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -3102,7 +3102,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_3DES, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, @@ -3118,7 +3118,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES128, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, @@ -3134,7 +3134,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_AES256, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, @@ -3182,7 +3182,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_aPSK, SSL_eNULL, SSL_SHA1, - SSL_TLSV1, + SSL_SSLV3, SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0cecd929a3..5d0ec23607 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -389,7 +389,7 @@ static const SSL_CIPHER cipher_aliases[] = { /* protocol version aliases */ {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, - {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, + {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, /* export flag */