[openssl-commits] [openssl] master update
Viktor Dukhovni
viktor at openssl.org
Sun Dec 6 17:50:05 UTC 2015
The branch master has been updated
via 1c735804a2c7e9ad6321794998a2b36a4dd9824b (commit)
from 361a1191279d5a801fa6cfe22d51ef17d6ab38ea (commit)
- Log -----------------------------------------------------------------
commit 1c735804a2c7e9ad6321794998a2b36a4dd9824b
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Sun Dec 6 00:35:06 2015 -0500
Really disable 56-bit (single-DES) ciphers
Reviewed-by: Kurt Roeckx <kurt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
doc/apps/ciphers.pod | 17 ++--------
ssl/s3_lib.c | 96 ----------------------------------------------------
2 files changed, 3 insertions(+), 110 deletions(-)
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 8db0ea5..43bfd94 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -165,8 +165,9 @@ encryption.
=item B<LOW>
-"low" encryption cipher suites, currently those using 64 or 56 bit encryption
-algorithms but excluding export cipher suites.
+"low" encryption cipher suites, currently those using 64 or 56 bit
+encryption algorithms but excluding export cipher suites. All these
+ciphersuites have been removed as of OpenSSL 1.1.0.
=item B<eNULL>, B<NULL>
@@ -378,20 +379,14 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
SSL_RSA_WITH_RC4_128_SHA RC4-SHA
SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
- SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
- SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
@@ -405,20 +400,14 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
TLS_RSA_WITH_RC4_128_SHA RC4-SHA
TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
- TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
=head2 AES ciphersuites from RFC3268, extending TLS v1.0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 24cf5f0..03d0320 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -245,22 +245,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
},
#endif
-/* Cipher 09 */
- {
- 1,
- SSL3_TXT_RSA_DES_64_CBC_SHA,
- SSL3_CK_RSA_DES_64_CBC_SHA,
- SSL_kRSA,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
/* Cipher 0A */
{
1,
@@ -277,22 +261,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
-/* Cipher 0C */
- {
- 1,
- SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
- SSL3_CK_DH_DSS_DES_64_CBC_SHA,
- SSL_kDHd,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
/* Cipher 0D */
{
1,
@@ -309,22 +277,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
-/* Cipher 0F */
- {
- 1,
- SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
- SSL3_CK_DH_RSA_DES_64_CBC_SHA,
- SSL_kDHr,
- SSL_aDH,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
/* Cipher 10 */
{
1,
@@ -341,22 +293,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
-/* Cipher 12 */
- {
- 1,
- SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,
- SSL3_CK_DHE_DSS_DES_64_CBC_SHA,
- SSL_kDHE,
- SSL_aDSS,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
/* Cipher 13 */
{
1,
@@ -373,22 +309,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
-/* Cipher 15 */
- {
- 1,
- SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,
- SSL3_CK_DHE_RSA_DES_64_CBC_SHA,
- SSL_kDHE,
- SSL_aRSA,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
/* Cipher 16 */
{
1,
@@ -421,22 +341,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
},
-/* Cipher 1A */
- {
- 1,
- SSL3_TXT_ADH_DES_64_CBC_SHA,
- SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kDHE,
- SSL_aNULL,
- SSL_DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_LOW,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 56,
- 56,
- },
-
/* Cipher 1B */
{
1,
More information about the openssl-commits
mailing list