wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/apps
History
Matt Caswell f865b08143 Split configuration of TLSv1.3 ciphers from older ciphers 
With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.

In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.

This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.

Fixes #5359

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
2018-03-14 10:15:50 +00:00
..
demoSRP
app_rand.c Fix use-after-free 2017-07-17 07:46:49 -04:00
apps.c Prepare to detect index changes in OCSP responder. 2018-03-07 11:03:01 -05:00
apps.h Split configuration of TLSv1.3 ciphers from older ciphers 2018-03-14 10:15:50 +00:00
asn1pars.c Update copyright year 2018-02-13 13:59:25 +00:00
bf_prefix.c Fix of prefix bio filter (bf_prefix.c): rely on the given length 2018-02-01 22:09:41 +01:00
build.info Add an apps internal BIO filter for prefixing output lines 2018-02-01 07:10:47 +01:00
ca-cert.srl
ca-key.pem
ca-req.pem
ca.c do_body: fix heap-use-after-free. 2018-02-21 12:18:56 +00:00
CA.pl.in Make "make variables" config attributes for overridable flags 2018-03-08 17:24:02 +01:00
cert.pem
ciphers.c Split configuration of TLSv1.3 ciphers from older ciphers 2018-03-14 10:15:50 +00:00
client.pem
cms.c apps: Don't include progs.h in apps.h 2018-01-31 23:45:12 +01:00
crl.c Update copyright year 2018-02-13 13:59:25 +00:00
crl2p7.c Update copyright year 2018-02-13 13:59:25 +00:00
ct_log_list.cnf
dgst.c Update copyright year 2018-02-13 13:59:25 +00:00
dh1024.pem
dh2048.pem
dh4096.pem
dhparam.c Update copyright year 2018-02-13 13:59:25 +00:00
dsa-ca.pem
dsa-pca.pem
dsa.c Update copyright year 2018-02-13 13:59:25 +00:00
dsa512.pem
dsa1024.pem
dsap.pem
dsaparam.c Update copyright year 2018-02-13 13:59:25 +00:00
ec.c Update copyright year 2018-02-13 13:59:25 +00:00
ecparam.c Update copyright year 2018-02-13 13:59:25 +00:00
enc.c Add support for PBKDF2 for enc command 2018-02-21 12:36:21 +00:00
engine.c Update copyright year 2018-02-13 13:59:25 +00:00
errstr.c Update copyright year 2018-02-13 13:59:25 +00:00
gendsa.c Update copyright year 2018-02-13 13:59:25 +00:00
genpkey.c Update copyright year 2018-02-13 13:59:25 +00:00
genrsa.c Fix the type of -out option 2018-02-28 18:44:56 +01:00
nseq.c Update copyright year 2018-02-13 13:59:25 +00:00
ocsp.c Make OCSP "multi" compatible with "no-sock" builds. 2018-03-08 17:14:52 -05:00
openssl-vms.cnf Add support for .include directive in config files 2018-03-05 13:32:40 +00:00
openssl.c initialise dc variable to satisfy old compilers. 2018-02-22 13:54:27 -05:00
openssl.cnf Add support for .include directive in config files 2018-03-05 13:32:40 +00:00
opt.c Check on VMS as well 2018-02-28 18:48:04 +01:00
passwd.c Update copyright year 2018-02-13 13:59:25 +00:00
pca-cert.srl
pca-key.pem
pca-req.pem
pkcs7.c Update copyright year 2018-02-13 13:59:25 +00:00
pkcs8.c Update copyright year 2018-02-13 13:59:25 +00:00
pkcs12.c Update copyright year 2018-02-13 13:59:25 +00:00
pkey.c Update copyright year 2018-02-13 13:59:25 +00:00
pkeyparam.c Update copyright year 2018-02-13 13:59:25 +00:00
pkeyutl.c Update copyright year 2018-02-13 13:59:25 +00:00
prime.c Update copyright year 2018-02-13 13:59:25 +00:00
privkey.pem
progs.pl Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
rand.c Update copyright year 2018-02-13 13:59:25 +00:00
rehash.c openssl rehash: no more need to massage the files on VMS 2018-03-12 23:02:18 +01:00
req.c Update copyright year 2018-02-13 13:59:25 +00:00
req.pem
rsa.c Update copyright year 2018-02-13 13:59:25 +00:00
rsa8192.pem
rsautl.c Update copyright year 2018-02-13 13:59:25 +00:00
s512-key.pem
s512-req.pem
s1024key.pem
s1024req.pem
s_apps.h Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb 2018-03-12 19:34:13 +00:00
s_cb.c Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb 2018-03-12 19:34:13 +00:00
s_client.c Tolerate TLSv1.3 PSKs that are a different size to the hash size 2018-03-09 11:22:23 +00:00
s_server.c Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb 2018-03-12 19:34:13 +00:00
s_socket.c Add BIO_bind function to bind local address for a socket. 2018-02-19 22:58:37 +01:00
s_time.c Update copyright year 2018-02-13 13:59:25 +00:00
server.pem
server.srl
server2.pem
sess_id.c Fix the type of -out option 2018-02-28 18:44:56 +01:00
smime.c Update copyright year 2018-02-13 13:59:25 +00:00
speed.c speed: add ecdhx448 to ecdh choices 2018-03-09 07:15:20 -05:00
spkac.c Update copyright year 2018-02-13 13:59:25 +00:00
srp.c update SRP copyright notice 2018-03-13 18:33:44 +10:00
storeutl.c storeutl: make sure s2i_ASN1_INTEGER is correctly declared 2018-02-28 18:40:08 +01:00
testCA.pem
testdsa.h Clean up a bundle of codingstyle stuff in apps directory 2017-06-12 16:11:05 -04:00
testrsa.h
timeouts.h
ts.c Update copyright year 2018-02-13 13:59:25 +00:00
tsget.in Make "make variables" config attributes for overridable flags 2018-03-08 17:24:02 +01:00
verify.c Update copyright year 2018-02-13 13:59:25 +00:00
version.c Restore the display of options with 'openssl version -a' 2018-03-09 14:28:51 +01:00
vms_decc_init.c
vms_term_sock.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
vms_term_sock.h Cleanup some copyright stuff 2017-06-30 21:56:44 -04:00
win32_init.c
x509.c Update copyright year 2018-02-13 13:59:25 +00:00