diff options
author | Matt Caswell <matt@openssl.org> | 2015-05-22 13:33:19 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-05-22 23:58:52 +0100 |
commit | 13f8eb4730b9fc039e743870f81e5ff54b3d05b8 (patch) | |
tree | a8a7082838db0e12b06174f6b85cb94fda5ab647 /CHANGES | |
parent | efee575ad464bfb60bf72dcb73f9b51768f4b1a1 (diff) |
Remove export static DH ciphersuites
Remove support for the two export grade static DH ciphersuites. These two
ciphersuites were newly added (along with a number of other static DH
ciphersuites) to 1.0.2. However the two export ones have *never* worked
since they were introduced. It seems strange in any case to be adding new
export ciphersuites, and given "logjam" it also does not seem correct to
fix them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -9,6 +9,14 @@ not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. [Matt Caswell] + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + *) Version negotiation has been rewritten. In particular SSLv23_method(), SSLv23_client_method() and SSLv23_server_method() have been deprecated, and turned into macros which simply call the new preferred function names |