diff options
| author | Bodo Möller <bodo@openssl.org> | 2006-06-14 17:51:46 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2006-06-14 17:51:46 +0000 |
| commit | 5b57fe0a1ed1162d4bbaed28d5046300be42d6ec (patch) | |
| tree | 86c945690b790f93891eb7022c432d9f5b8b2473 /CHANGES | |
| parent | 89bbe14c506b9bd2fd00e6bae22a99ef1ee7ad19 (diff) | |
Disable invalid ciphersuites
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 45 |
1 files changed, 30 insertions, 15 deletions
@@ -250,21 +250,6 @@ implementations, between 32- and 64-bit builds without hassle. [Andy Polyakov] - *) Disable rogue ciphersuites: - - - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") - - The latter two were purportedly from - draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really - appear there. - - Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt - remain enabled for now, but are just as unofficial, and the ID - has long expired; these will probably disappear soon. - [Bodo Moeller] - *) Move code previously exiled into file crypto/ec/ec2_smpt.c to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP macro. @@ -322,6 +307,21 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] @@ -1248,6 +1248,21 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] |