[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Thu May 5 21:32:17 UTC 2016 

The branch master has been updated
       via  4a8e9c22f42065e603ecdac7fd4691e6c3c06b72 (commit)
      from  3fd60dc42288591737a35a90368d72dbd00fdef8 (commit)


- Log -----------------------------------------------------------------
commit 4a8e9c22f42065e603ecdac7fd4691e6c3c06b72
Author: Rich Salz <rsalz at openssl.org>
Date:   Thu May 5 17:08:41 2016 -0400

    Move 3DES from HIGH to MEDIUM
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES      |  2 ++
 ssl/s3_lib.c | 28 ++++++++++++++--------------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7aececb..3d91a6b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,8 @@
 
  Changes between 1.0.2g and 1.1.0  [xx XXX xxxx]
 
+  *) Triple-DES ciphers have been moved from HIGH to MEDIUM.
+
   *) To enable users to have their own config files and build file templates,
      Configure looks in the directory indicated by the environment variable
      OPENSSL_LOCAL_CONFIG_DIR as well as the in-source Configurations/
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index fc2aac8..9064abb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -208,7 +208,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -223,7 +223,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -238,7 +238,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -253,7 +253,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -960,7 +960,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1020,7 +1020,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1080,7 +1080,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1293,7 +1293,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1338,7 +1338,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1383,7 +1383,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1699,7 +1699,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH | SSL_FIPS,
+     SSL_MEDIUM | SSL_FIPS,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1823,7 +1823,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH,
+     SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1838,7 +1838,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_HIGH,
+     SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1853,7 +1853,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_VERSION, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,

More information about the openssl-commits mailing list