[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Sat Jan 6 14:18:23 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 508ff7f6b4c038c017a7adaf8dd8cda3efe853ec (commit)
from 35a37158181fb0129b632b450ded1114fe4fbb37 (commit)
- Log -----------------------------------------------------------------
commit 508ff7f6b4c038c017a7adaf8dd8cda3efe853ec
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Fri Jan 5 18:50:09 2018 +0100
Stop using unimplemented cipher classes.
Add comments to no longer usable ciphers.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5023)
(cherry picked from commit 643d91fea409b0f010ce990f8f0fac234ae058bc)
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 16 ++++++++--------
ssl/ssl_ciph.c | 4 ----
test/recipes/80-test_ssl_old.t | 2 +-
3 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 4e7f82f..4cdcdcf 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -95,14 +95,14 @@ extern "C" {
# define SSL_TXT_NULL "NULL"
# define SSL_TXT_kRSA "kRSA"
-# define SSL_TXT_kDHr "kDHr"
-# define SSL_TXT_kDHd "kDHd"
-# define SSL_TXT_kDH "kDH"
+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
# define SSL_TXT_kDHE "kDHE"
-# define SSL_TXT_kECDHr "kECDHr"
-# define SSL_TXT_kECDHe "kECDHe"
-# define SSL_TXT_kECDH "kECDH"
+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE "kECDHE"
# define SSL_TXT_kPSK "kPSK"
@@ -114,8 +114,8 @@ extern "C" {
# define SSL_TXT_aRSA "aRSA"
# define SSL_TXT_aDSS "aDSS"
-# define SSL_TXT_aDH "aDH"
-# define SSL_TXT_aECDH "aECDH"
+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
# define SSL_TXT_aECDSA "aECDSA"
# define SSL_TXT_aPSK "aPSK"
# define SSL_TXT_aGOST94 "aGOST94"
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index da6e298..4026d46 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1384,10 +1384,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
- /*
- * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
- * &head, &tail);
- */
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 1cce9fb..97ef821 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -424,7 +424,7 @@ sub testssl {
subtest "Testing ciphersuites" => sub {
my @exkeys = ();
- my $ciphers = "-EXP:-PSK:-SRP:-kDH:-kECDHe";
+ my $ciphers = "-PSK:-SRP";
if ($no_dh) {
note "skipping DHE tests\n";
More information about the openssl-commits
mailing list