[openssl-dev] [openssl.org #4141] GOST ciphersuites
Stephen Henson via RT
rt at openssl.org
Mon Nov 16 14:22:25 UTC 2015
On Sun Nov 15 10:04:28 2015, beldmit at gmail.com wrote:
> Hello!
>
> In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set
> the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are not
> usable with SSLv3, they require TLSv1.
>
> Could you turn the flag back for the GOST ciphersuites?
>
Does that commit break anything? It should not change the previous
functionality in any way because we also had this in ssl_locl.h:
# define SSL_TLSV1 SSL_SSLV3/* for now */
The subsequent commits change SSL_TLSV1 so it really disables ciphersuites in
SSL v3 (before it didn't) and adds the flag to PSK+SHA2 ciphersuites, We can
add SSL_TLSV1 to the GOST ciphersuites but that will change the behaviour from
what it was before.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list