[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Tue Apr 11 17:39:03 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 9d522f08817b6e706ae54c2688b215ff1c631b49 (commit)
from 6302d9373829ff37c257d93f8566f2272968d67d (commit)
- Log -----------------------------------------------------------------
commit 9d522f08817b6e706ae54c2688b215ff1c631b49
Author: Todd Short <tshort at akamai.com>
Date: Tue Apr 11 09:02:05 2017 -0400
Remove ECDH(E) ciphers from SSLv3
SSLv3 does not support TLS extensions, and thus, cannot provide any
curves for ECDH(E). With the removal of the default (all) list of curves
being used for connections that didn't provide any curves, ECDHE is no
longer possible.
Reviewed-by: Kurt Roeckx <kurt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3181)
(cherry picked from commit fe55c4a20f79c77c64a082c5df2c5e8a61317162)
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_lib.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e94ee83..bbfed91 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -844,7 +844,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -860,7 +860,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -876,7 +876,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -891,7 +891,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -906,7 +906,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -922,7 +922,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -938,7 +938,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -953,7 +953,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -968,7 +968,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -984,7 +984,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1000,7 +1000,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1015,7 +1015,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1611,7 +1611,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aPSK,
SSL_3DES,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1627,7 +1627,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aPSK,
SSL_AES128,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1642,7 +1642,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aPSK,
SSL_AES256,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -1687,7 +1687,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aPSK,
SSL_eNULL,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2614,7 +2614,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aPSK,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2629,7 +2629,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -2659,7 +2659,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
- SSL3_VERSION, TLS1_2_VERSION,
+ TLS1_VERSION, TLS1_2_VERSION,
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
More information about the openssl-commits
mailing list