[openssl-dev] [openssl.org #4438] AutoReply: GOST ciphersuites and DTLS

Dmitry Belyavsky via RT rt at openssl.org
Sun Apr 3 10:03:04 UTC 2016 

Hello!

The patch marking the GOST ciphersuites DTLS-uncapable is attached.

Thank you!

On Thu, Mar 17, 2016 at 4:28 PM, The default queue via RT <rt at openssl.org>
wrote:

>
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
>         "GOST ciphersuites and DTLS",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #4438].
>
> Please include the string:
>
>          [openssl.org #4438]
>
> in the subject line of all future correspondence about this issue. To do
> so,
> you may reply to this message.
>
>                         Thank you,
>                         rt at openssl.org
>
> -------------------------------------------------------------------------
> Hello OpenSSL team,
>
> The GOST ciphersuites currently defined are not DTLS-capable.
>
> So it should be fixed in the ssl/s3_lib.c file.
>
> Thank you!
>
> --
> SY, Dmitry Belyavsky
>
>
> -------------------------------------------------------------------------
> http://rt.openssl.org/Ticket/Display.html?id=4438&user=guest&pass=guest
>



-- 
SY, Dmitry Belyavsky

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4438
Please log in as guest with password guest if prompted

-------------- next part --------------
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ef65050..46987a9 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eGOST2814789CNT,
      SSL_GOST89MAC,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_HIGH,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
      256,
@@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eNULL,
      SSL_GOST94,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
      0,
@@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eGOST2814789CNT12,
      SSL_GOST89MAC12,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_HIGH,
      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
      256,
@@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eNULL,
      SSL_GOST12_256,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
      0,

More information about the openssl-dev mailing list