[openssl-commits] [openssl] master update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Sat Jan 6 14:15:56 UTC 2018
The branch master has been updated
via 643d91fea409b0f010ce990f8f0fac234ae058bc (commit)
from cc94da4ea38cc2a4a47e0a14ef9e361a2d723eff (commit)
- Log -----------------------------------------------------------------
commit 643d91fea409b0f010ce990f8f0fac234ae058bc
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Fri Jan 5 18:50:09 2018 +0100
Stop using unimplemented cipher classes.
Add comments to no longer usable ciphers.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5023)
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 16 ++++++++--------
ssl/ssl_ciph.c | 4 ----
test/recipes/80-test_ssl_old.t | 2 +-
3 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 98a106b..84f14f7 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -67,14 +67,14 @@ extern "C" {
# define SSL_TXT_NULL "NULL"
# define SSL_TXT_kRSA "kRSA"
-# define SSL_TXT_kDHr "kDHr"
-# define SSL_TXT_kDHd "kDHd"
-# define SSL_TXT_kDH "kDH"
+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
# define SSL_TXT_kDHE "kDHE"
-# define SSL_TXT_kECDHr "kECDHr"
-# define SSL_TXT_kECDHe "kECDHe"
-# define SSL_TXT_kECDH "kECDH"
+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE "kECDHE"
# define SSL_TXT_kPSK "kPSK"
@@ -86,8 +86,8 @@ extern "C" {
# define SSL_TXT_aRSA "aRSA"
# define SSL_TXT_aDSS "aDSS"
-# define SSL_TXT_aDH "aDH"
-# define SSL_TXT_aECDH "aECDH"
+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
# define SSL_TXT_aECDSA "aECDSA"
# define SSL_TXT_aPSK "aPSK"
# define SSL_TXT_aGOST94 "aGOST94"
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 19b592a..94bff7c 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1368,10 +1368,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
- /*
- * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
- * &head, &tail);
- */
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 2f3d3be..35bf904 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -396,7 +396,7 @@ sub testssl {
subtest "Testing ciphersuites" => sub {
my @exkeys = ();
- my $ciphers = "-EXP:-PSK:-SRP:-kDH:-kECDHe";
+ my $ciphers = "-PSK:-SRP";
if (!$no_dsa) {
push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
More information about the openssl-commits
mailing list