authorDr. Stephen Henson <steve@openssl.org>2009-04-07 17:01:07 +0000
committerDr. Stephen Henson <steve@openssl.org>2009-04-07 17:01:07 +0000
commit9ae5743515f88f481c0e1075c21404e67d9cc197 (patch)
tree208d8375f419e4da15dc8eb9f40e181b7e99320e
parentc184b140df83ef5e91abf3e1d405059f898269d6 (diff)
Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client
hello if no SSLv2 cipher suites are included. This effectively disables the broken SSLv2 use by default.
-rw-r--r--CHANGES6
-rw-r--r--ssl/s23_clnt.c17
-rw-r--r--ssl/ssl.h4
3 files changed, 25 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index e8f1748ac7..dff85b2b6e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
+ *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+ this allows the use of compression and extensions. Change default cipher
+ string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+ by default unless an application cipher string requests it.
+ [Steve Henson]
+
*) Alter match criteria in PKCS12_parse(). It used to try to use local
key ids to find matching certificates and keys but some PKCS#12 files
don't follow the (somewhat unwritten) rules and this strategy fails.
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 0912528f89..a71311e716 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -250,6 +250,20 @@ end:
return(ret);
}
+static int ssl23_no_ssl2_ciphers(SSL *s)
+ {
+ SSL_CIPHER *cipher;
+ STACK_OF(SSL_CIPHER) *ciphers;
+ int i;
+ ciphers = SSL_get_ciphers(s);
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
+ {
+ cipher = sk_SSL_CIPHER_value(ciphers, i);
+ if (cipher->algorithm_ssl == SSL_SSLV2)
+ return 0;
+ }
+ return 1;
+ }
static int ssl23_client_hello(SSL *s)
{
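Review bot: `ssl23_no_ssl2_ciphers()` has no comment stating its contract, although its result decides whether the client offers an SSLv2-compatible hello. A one-line header such as `/* Return 1 if the cipher list of s holds no SSLv2 suites, 0 if at least one is present. */` would make the inverted sense of the name explicit. The return value of `SSL_get_ciphers(s)` is passed to `sk_SSL_CIPHER_num()` without a NULL check; whether that call tolerates NULL is not visible here, so it should be confirmed, and the comment should say that an empty or missing list is reported as "no SSLv2".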
@@ -264,6 +278,9 @@ static int ssl23_client_hello(SSL *s)
ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+ if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+ ssl2_compat = 0;
+
if (!(s->options & SSL_OP_NO_TLSv1))
{
version = TLS1_VERSION;
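Review bot: The new override of `ssl2_compat` carries no comment explaining why the cipher list may overrule the option bits. A line such as `/* no SSLv2 suites configured: send a v3/TLS hello so compression and extensions can be used */` above the `if` would record the reason given in CHANGES. It is also worth confirming that the version selection that follows cannot still end up at SSL2_VERSION after `ssl2_compat` has been cleared here, for example when both `SSL_OP_NO_TLSv1` and `SSL_OP_NO_SSLv3` are set. That code is outside the hunk, as are the start and end of `ssl23_client_hello`.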
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d0c42fa1d1..a9d1fa5fcc 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -324,8 +324,8 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
-/* As of OpenSSL 0.9.9, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSlv2"
+/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
* throwing out anonymous and unencrypted ciphersuites!
* (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
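Review bot: The exclusion token added to `SSL_DEFAULT_CIPHER_LIST` is spelled `!SSlv2` with a lowercase `l`, while the CHANGES entry and `SSL_SSLV2` in ssl/s23_clnt.c both use `SSLv2`. If cipher-string keywords are compared case-sensitively (the parser in ssl/ssl_ciph.c is not visible here), the token would not match the SSLv2 alias and the default list would still contain SSLv2 suites. In that case `ssl23_no_ssl2_ciphers()` would also return 0 for default configurations, so the SSLv2-compatible hello would still be sent. The line should read `#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"`. A test asserting that the default cipher list contains no SSLv2 suite would catch this and any later regression.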