Disable export and SSLv2 ciphers by default

They are moved to the COMPLEMENTOFDEFAULT instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

CHANGES

@@ -4,7 +4,8 @@
 
  Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx]
 
-  *)
+  *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
+     [Kurt Roeckx]
 
  Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
 

doc/apps/ciphers.pod

@@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
 
 the default cipher list. This is determined at compile time and is normally
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH>. This must be the first cipher string
 specified.
 
 =item B<COMPLEMENTOFDEFAULT>

ssl/ssl.h

@@ -323,8 +323,7 @@ extern "C" {
  * The following cipher list is used by default. It also is substituted when
  * an application-defined cipher list string starts with 'DEFAULT'.
  */
-/* low priority for RC4 */
-# define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH"
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 # define SSL_SENT_SHUTDOWN       1

ssl/ssl_ciph.c

@@ -174,12 +174,11 @@ static const SSL_CIPHER cipher_aliases[] = {
     {0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE,
      SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL},
     /*
-     * TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC
-     * cipher suites handled properly.
+     * TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly.
      */
     /* COMPLEMENT OF ALL */
     {0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
-    {0, SSL_TXT_CMPDEF, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+    {0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0},
     /* VRS Kerberos5 */
     {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
     {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
@@ -636,6 +635,15 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
         curr2 = curr->next;
 
         cp = curr->cipher;
+        /* Special case: only satisfied by COMPLEMENTOFDEFAULT */
+        if (algo_strength == SSL_EXP_MASK) {
+            if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2
+                || cp->algorithms & SSL_aNULL)
+                && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH)))
+                goto ok;
+            else
+                continue;
+        }
 
         /*
          * If explicit cipher suite, match only that one for its own protocol
@@ -675,6 +683,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
         } else if (strength_bits != cp->strength_bits)
             continue;           /* does not apply */
 
+        ok:
+
 #ifdef CIPHER_DEBUG
         printf("Action = %d\n", rule);
 #endif

ssl/ssl_lib.c

@@ -1562,6 +1562,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 
     ssl_create_cipher_list(ret->method,
                            &ret->cipher_list, &ret->cipher_list_by_id,
+                           meth->version == SSL2_VERSION ? "SSLv2" :
                            SSL_DEFAULT_CIPHER_LIST);
     if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);