SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 0fff506588)
This commit is contained in:
Rich Salz
parent
1bbe48ab14
commit
e95f5e03f6
2 changed files with 20 additions and 18 deletions
4
CHANGES
4
CHANGES
|
|
@ -4,7 +4,9 @@
|
|||
|
||||
Changes between 1.0.1t and 1.0.1u [xx XXX xxxx]
|
||||
|
||||
*)
|
||||
*) In order to mitigate the SWEET32 attack (CVE-2016-2183),
|
||||
the DES ciphers were moved from HIGH to MEDIUM.
|
||||
[Rich Salz]
|
||||
|
||||
Changes between 1.0.1s and 1.0.1t [3 May 2016]
|
||||
|
||||
|
|
|
|||
34
ssl/s3_lib.c
34
ssl/s3_lib.c
|
|
@ -334,7 +334,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -387,7 +387,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -439,7 +439,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -492,7 +492,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -544,7 +544,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -630,7 +630,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -717,7 +717,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -783,7 +783,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_MD5,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -1733,7 +1733,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2110,7 +2110,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2190,7 +2190,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2270,7 +2270,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2350,7 +2350,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2430,7 +2430,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2480,7 +2480,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2496,7 +2496,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
@ -2512,7 +2512,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
|
|||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_HIGH,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
|
|
|
|||
Loading…
Reference in a new issue