Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be "ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined internally by a flag on each ciphersuite indicating whether it should be excluded from DEFAULT or not. This gives us control at an individual ciphersuite level as to exactly what is in DEFAULT and what is not. Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT and hence removed from DEFAULT. Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
parent
8eed3289b2
commit
c84f7f4a74
6 changed files with 98 additions and 72 deletions
6
CHANGES
6
CHANGES
|
@ -4,6 +4,12 @@
|
||||||
|
|
||||||
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
|
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although
|
||||||
|
in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also
|
||||||
|
an EXPORT one. COMPLEMENTOFDEFAULT has been updated accordingly to add
|
||||||
|
DES and RC4 ciphersuites.
|
||||||
|
[Matt Caswell]
|
||||||
|
|
||||||
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
|
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
|
||||||
This changes the decoding behaviour for some invalid messages,
|
This changes the decoding behaviour for some invalid messages,
|
||||||
though the change is mostly in the more lenient direction, and
|
though the change is mostly in the more lenient direction, and
|
||||||
|
|
|
@ -117,15 +117,16 @@ The following is a list of all permitted cipher strings and their meanings.
|
||||||
|
|
||||||
=item B<DEFAULT>
|
=item B<DEFAULT>
|
||||||
|
|
||||||
the default cipher list. This is determined at compile time and, as of OpenSSL
|
the default cipher list. This is determined at compile time and
|
||||||
1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
|
is B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. This must be the first cipher
|
||||||
specified.
|
string specified.
|
||||||
|
|
||||||
=item B<COMPLEMENTOFDEFAULT>
|
=item B<COMPLEMENTOFDEFAULT>
|
||||||
|
|
||||||
the ciphers included in B<ALL>, but not enabled by default. Currently
|
the ciphers included in B<ALL>, but not enabled by default. Currently
|
||||||
this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>,
|
this includes all RC4, DES, RC2 and anonymous ciphers. Note that this rule does
|
||||||
which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
|
not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if
|
||||||
|
necessary).
|
||||||
|
|
||||||
=item B<ALL>
|
=item B<ALL>
|
||||||
|
|
||||||
|
|
|
@ -290,7 +290,7 @@ extern "C" {
|
||||||
* The following cipher list is used by default. It also is substituted when
|
* The following cipher list is used by default. It also is substituted when
|
||||||
* an application-defined cipher list string starts with 'DEFAULT'.
|
* an application-defined cipher list string starts with 'DEFAULT'.
|
||||||
*/
|
*/
|
||||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
|
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
|
||||||
/*
|
/*
|
||||||
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
||||||
* starts with a reasonable order, and all we have to do for DEFAULT is
|
* starts with a reasonable order, and all we have to do for DEFAULT is
|
||||||
|
|
126
ssl/s3_lib.c
126
ssl/s3_lib.c
|
@ -173,7 +173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_MD5,
|
SSL_MD5,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -189,7 +189,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -205,7 +205,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_MD5,
|
SSL_MD5,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
|
@ -221,7 +221,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_MD5,
|
SSL_MD5,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -237,7 +237,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -253,7 +253,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC2,
|
SSL_RC2,
|
||||||
SSL_MD5,
|
SSL_MD5,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
|
@ -287,7 +287,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
|
@ -303,7 +303,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_LOW,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
|
@ -336,7 +336,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
|
@ -352,7 +352,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_LOW,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
|
@ -384,7 +384,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
|
@ -400,7 +400,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_LOW,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
|
@ -433,7 +433,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
|
@ -449,7 +449,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_LOW,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
|
@ -481,7 +481,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
56,
|
56,
|
||||||
|
@ -497,7 +497,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_LOW,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
|
@ -529,7 +529,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_MD5,
|
SSL_MD5,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
|
@ -545,7 +545,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_MD5,
|
SSL_MD5,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -561,7 +561,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_EXPORT | SSL_EXP40,
|
SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
40,
|
40,
|
||||||
128,
|
128,
|
||||||
|
@ -577,7 +577,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_DES,
|
SSL_DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_LOW,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
56,
|
56,
|
||||||
56,
|
56,
|
||||||
|
@ -593,7 +593,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_3DES,
|
SSL_3DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_SSLV3,
|
SSL_SSLV3,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
112,
|
112,
|
||||||
168,
|
168,
|
||||||
|
@ -609,7 +609,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -624,7 +624,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -639,7 +639,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -732,7 +732,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES128,
|
SSL_AES128,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -827,7 +827,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES256,
|
SSL_AES256,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
256,
|
256,
|
||||||
256,
|
256,
|
||||||
|
@ -844,7 +844,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -1023,7 +1023,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_CAMELLIA128,
|
SSL_CAMELLIA128,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1121,7 +1121,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES128,
|
SSL_AES128,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1137,7 +1137,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES256,
|
SSL_AES256,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
256,
|
256,
|
||||||
256,
|
256,
|
||||||
|
@ -1168,7 +1168,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_GOST94,
|
SSL_GOST94,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE,
|
||||||
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
|
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
|
||||||
0,
|
0,
|
||||||
0
|
0
|
||||||
|
@ -1266,7 +1266,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_CAMELLIA256,
|
SSL_CAMELLIA256,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
256,
|
256,
|
||||||
256,
|
256,
|
||||||
|
@ -1285,7 +1285,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1349,7 +1349,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1413,7 +1413,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1561,7 +1561,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_SEED,
|
SSL_SEED,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1741,7 +1741,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES128GCM,
|
SSL_AES128GCM,
|
||||||
SSL_AEAD,
|
SSL_AEAD,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -1757,7 +1757,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES256GCM,
|
SSL_AES256GCM,
|
||||||
SSL_AEAD,
|
SSL_AEAD,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||||
256,
|
256,
|
||||||
256,
|
256,
|
||||||
|
@ -1903,7 +1903,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -1919,7 +1919,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA384,
|
SSL_SHA384,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -1967,7 +1967,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -1983,7 +1983,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA384,
|
SSL_SHA384,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2031,7 +2031,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2047,7 +2047,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA384,
|
SSL_SHA384,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2147,7 +2147,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_CAMELLIA128,
|
SSL_CAMELLIA128,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_HIGH,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2243,7 +2243,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_CAMELLIA256,
|
SSL_CAMELLIA256,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1_2,
|
SSL_TLSV1_2,
|
||||||
SSL_NOT_EXP | SSL_HIGH,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
|
||||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||||
256,
|
256,
|
||||||
256,
|
256,
|
||||||
|
@ -2278,7 +2278,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2294,7 +2294,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2358,7 +2358,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2374,7 +2374,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2438,7 +2438,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2454,7 +2454,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2518,7 +2518,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2534,7 +2534,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -2614,7 +2614,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2630,7 +2630,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_3DES,
|
SSL_3DES,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
112,
|
112,
|
||||||
168,
|
168,
|
||||||
|
@ -2646,7 +2646,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES128,
|
SSL_AES128,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -2662,7 +2662,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_AES256,
|
SSL_AES256,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
256,
|
256,
|
||||||
256,
|
256,
|
||||||
|
@ -3087,7 +3087,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_RC4,
|
SSL_RC4,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_MEDIUM,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
128,
|
128,
|
||||||
128,
|
128,
|
||||||
|
@ -3183,7 +3183,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA1,
|
SSL_SHA1,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -3199,7 +3199,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA256,
|
SSL_SHA256,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
@ -3215,7 +3215,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
||||||
SSL_eNULL,
|
SSL_eNULL,
|
||||||
SSL_SHA384,
|
SSL_SHA384,
|
||||||
SSL_TLSV1,
|
SSL_TLSV1,
|
||||||
SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
|
||||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
|
|
|
@ -295,8 +295,7 @@ static const SSL_CIPHER cipher_aliases[] = {
|
||||||
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
|
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
|
||||||
* ALL!)
|
* ALL!)
|
||||||
*/
|
*/
|
||||||
{0, SSL_TXT_CMPDEF, 0, SSL_kDHE | SSL_kECDHE, SSL_aNULL, ~SSL_eNULL, 0, 0,
|
{0, SSL_TXT_CMPDEF, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
|
||||||
0, 0, 0, 0},
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* key exchange aliases (some of those using only a single bit here
|
* key exchange aliases (some of those using only a single bit here
|
||||||
|
@ -966,6 +965,9 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||||
if ((algo_strength & SSL_STRONG_MASK)
|
if ((algo_strength & SSL_STRONG_MASK)
|
||||||
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
|
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
|
||||||
continue;
|
continue;
|
||||||
|
if ((algo_strength & SSL_DEFAULT_MASK)
|
||||||
|
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CIPHER_DEBUG
|
#ifdef CIPHER_DEBUG
|
||||||
|
@ -1251,6 +1253,20 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||||
ca_list[j]->algo_strength & SSL_STRONG_MASK;
|
ca_list[j]->algo_strength & SSL_STRONG_MASK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
|
||||||
|
if (algo_strength & SSL_DEFAULT_MASK) {
|
||||||
|
algo_strength &=
|
||||||
|
(ca_list[j]->algo_strength & SSL_DEFAULT_MASK) |
|
||||||
|
~SSL_DEFAULT_MASK;
|
||||||
|
if (!(algo_strength & SSL_DEFAULT_MASK)) {
|
||||||
|
found = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} else
|
||||||
|
algo_strength |=
|
||||||
|
ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
|
||||||
|
}
|
||||||
|
|
||||||
if (ca_list[j]->valid) {
|
if (ca_list[j]->valid) {
|
||||||
/*
|
/*
|
||||||
* explicit ciphersuite found; its protocol version does not
|
* explicit ciphersuite found; its protocol version does not
|
||||||
|
|
|
@ -429,6 +429,7 @@
|
||||||
*/
|
*/
|
||||||
# define SSL_EXP_MASK 0x00000003L
|
# define SSL_EXP_MASK 0x00000003L
|
||||||
# define SSL_STRONG_MASK 0x000001fcL
|
# define SSL_STRONG_MASK 0x000001fcL
|
||||||
|
# define SSL_DEFAULT_MASK 0X00000200L
|
||||||
|
|
||||||
# define SSL_NOT_EXP 0x00000001L
|
# define SSL_NOT_EXP 0x00000001L
|
||||||
# define SSL_EXPORT 0x00000002L
|
# define SSL_EXPORT 0x00000002L
|
||||||
|
@ -443,7 +444,9 @@
|
||||||
# define SSL_HIGH 0x00000080L
|
# define SSL_HIGH 0x00000080L
|
||||||
# define SSL_FIPS 0x00000100L
|
# define SSL_FIPS 0x00000100L
|
||||||
|
|
||||||
/* we have used 000001ff - 23 bits left to go */
|
# define SSL_NOT_DEFAULT 0x00000200L
|
||||||
|
|
||||||
|
/* we have used 000003ff - 22 bits left to go */
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Macros to check the export status and cipher strength for export ciphers.
|
* Macros to check the export status and cipher strength for export ciphers.
|
||||||
|
|
Loading…
Reference in a new issue