diff options
author | Matt Caswell <matt@openssl.org> | 2015-05-22 13:33:19 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-05-23 00:01:45 +0100 |
commit | 595487ea1978d65ca8db7b1c4990fc8c4f781399 (patch) | |
tree | 0fca8caedd62a24937c72179e2a630c3aa07eee8 /CHANGES | |
parent | c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14 (diff) |
Remove export static DH ciphersuites
Remove support for the two export grade static DH ciphersuites. These two
ciphersuites were newly added (along with a number of other static DH
ciphersuites) to 1.0.2. However the two export ones have *never* worked
since they were introduced. It seems strange in any case to be adding new
export ciphersuites, and given "logjam" it also does not seem correct to
fix them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 13f8eb4730b9fc039e743870f81e5ff54b3d05b8)
Conflicts:
CHANGES
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -4,6 +4,14 @@ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + *) Only support 256-bit or stronger elliptic curves with the 'ecdh_auto' setting (server) or by default (client). Of supported curves, prefer P-256 (both). |