diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-01-05 18:50:09 +0100 |
|---|---|---|
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-01-06 15:14:57 +0100 |
| commit | 643d91fea409b0f010ce990f8f0fac234ae058bc (patch) | |
| tree | f75249d0e781db96eab9f7aea953b6d4df5c7cdf | |
| parent | cc94da4ea38cc2a4a47e0a14ef9e361a2d723eff (diff) | |
Stop using unimplemented cipher classes.
Add comments to no longer usable ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5023)
| -rw-r--r-- | include/openssl/ssl.h | 16 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 4 | ||||
| -rw-r--r-- | test/recipes/80-test_ssl_old.t | 2 |
3 files changed, 9 insertions, 13 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 98a106bb77..84f14f7a57 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -67,14 +67,14 @@ extern "C" { # define SSL_TXT_NULL "NULL" # define SSL_TXT_kRSA "kRSA" -# define SSL_TXT_kDHr "kDHr" -# define SSL_TXT_kDHd "kDHd" -# define SSL_TXT_kDH "kDH" +# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */ +# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */ +# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */ # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ # define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kECDHr "kECDHr" -# define SSL_TXT_kECDHe "kECDHe" -# define SSL_TXT_kECDH "kECDH" +# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */ +# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */ +# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */ # define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ # define SSL_TXT_kECDHE "kECDHE" # define SSL_TXT_kPSK "kPSK" @@ -86,8 +86,8 @@ extern "C" { # define SSL_TXT_aRSA "aRSA" # define SSL_TXT_aDSS "aDSS" -# define SSL_TXT_aDH "aDH" -# define SSL_TXT_aECDH "aECDH" +# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */ +# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */ # define SSL_TXT_aECDSA "aECDSA" # define SSL_TXT_aPSK "aPSK" # define SSL_TXT_aGOST94 "aGOST94" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 19b592a3ab..94bff7c28d 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1368,10 +1368,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - /* - * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, - * &head, &tail); - */ ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 2f3d3be6cb..35bf904184 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -396,7 +396,7 @@ sub testssl { subtest "Testing ciphersuites" => sub { my @exkeys = (); - my $ciphers = "-EXP:-PSK:-SRP:-kDH:-kECDHe"; + my $ciphers = "-PSK:-SRP"; if (!$no_dsa) { push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss"; |