authorMatt Caswell <matt@openssl.org>2016-03-03 15:40:51 +0000
committerMatt Caswell <matt@openssl.org>2016-03-04 10:04:06 +0000
commit8b1a5af389fb962c7d00ffc9d003c81078033e7b (patch)
treec8e4ed539f9a711c85cbff3b62b38736b5dd29af /Configure
parentf04abe7d500eeebc078a0ffb0e82997d5f62b2df (diff)
Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'Configure')
-rwxr-xr-xConfigure29
1 files changed, 17 insertions, 12 deletions
diff --git a/Configure b/Configure
index 5e2e8d38dc..e57ff602f9 100755
--- a/Configure
+++ b/Configure
@@ -57,6 +57,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# 386 generate 80386 code
+# enable-weak-ssl-ciphers
+# Enable weak ciphers that are disabled by default. This currently
+# only includes RC4 based ciphers.
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
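Review bot: The added usage text for enable-weak-ssl-ciphers does not say that the option only governs which ciphersuites libssl is built with, which is how the commit message describes the change. Someone reading `Enable weak ciphers that are disabled by default` could conclude that a default build contains no RC4 at all, whereas the RC4 algorithm itself is presumably still compiled unless no-rc4 is given. I would reword the comment to `# Enable weak ciphersuites in libssl that are disabled by default.`, `# This currently only includes RC4 based ciphersuites; the RC4` and `# algorithm itself is still controlled by no-rc4.` so the scope is clear to anyone auditing a build configuration.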
@@ -313,6 +316,7 @@ my @disablables = (
"ui",
"unit-test",
"whirlpool",
+ "weak-ssl-ciphers",
"zlib",
"zlib-dynamic",
);
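Review bot: The new `"weak-ssl-ciphers",` entry is placed after `"whirlpool",`, but the visible neighbours in @disablables are in alphabetical order and "weak" sorts before "whirlpool". The %disabled hash in the next hunk does place it in sorted position, between "unit-test" and "zlib". Moving the line up so it reads `"unit-test",` then `"weak-ssl-ciphers",` then `"whirlpool",` keeps the two lists consistent and makes the option easier to find. The array starts outside this hunk, so the ordering of earlier entries is not checked here.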
@@ -330,18 +334,19 @@ my @deprecated_disablables = (
our %disabled = ( # "what" => "comment"
"ec_nistp_64_gcc_128" => "default",
- "egd" => "default",
- "md2" => "default",
- "rc5" => "default",
- "sctp" => "default",
- "shared" => "default",
- "ssl-trace" => "default",
- "static-engine" => "default",
- "unit-test" => "default",
- "zlib" => "default",
- "zlib-dynamic" => "default",
- "crypto-mdebug" => "default",
- "heartbeats" => "default",
+ "egd" => "default",
+ "md2" => "default",
+ "rc5" => "default",
+ "sctp" => "default",
+ "shared" => "default",
+ "ssl-trace" => "default",
+ "static-engine" => "default",
+ "unit-test" => "default",
+ "weak-ssl-ciphers" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default",
+ "crypto-mdebug" => "default",
+ "heartbeats" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table