Remove export static DH ciphersuites

Remove support for the two export grade static DH ciphersuites. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 13f8eb4730b9fc039e743870f81e5ff54b3d05b8) Conflicts: CHANGES
author: Matt Caswell <matt@openssl.org> 2015-05-22 13:33:19 +0100
committer: Matt Caswell <matt@openssl.org> 2015-05-23 00:01:45 +0100
commit: 595487ea1978d65ca8db7b1c4990fc8c4f781399 (patch)
tree: 0fca8caedd62a24937c72179e2a630c3aa07eee8 /CHANGES
parent: c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0fedee64b8..c65ce826be 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
 
+  *) Removed support for the two export grade static DH ciphersuites
+     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+     were newly added (along with a number of other static DH ciphersuites) to
+     1.0.2. However the two export ones have *never* worked since they were
+     introduced. It seems strange in any case to be adding new export
+     ciphersuites, and given "logjam" it also does not seem correct to fix them.
+     [Matt Caswell]
+
   *) Only support 256-bit or stronger elliptic curves with the
      'ecdh_auto' setting (server) or by default (client). Of supported
      curves, prefer P-256 (both).
author	Matt Caswell <matt@openssl.org>	2015-05-22 13:33:19 +0100
committer	Matt Caswell <matt@openssl.org>	2015-05-23 00:01:45 +0100
commit	595487ea1978d65ca8db7b1c4990fc8c4f781399 (patch)
tree	0fca8caedd62a24937c72179e2a630c3aa07eee8 /CHANGES
parent	c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14 (diff)