diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2014-11-30 15:35:22 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2014-12-04 11:55:03 +0100 |
commit | 45f55f6a5bdcec411ef08a6f8aae41d5d3d234ad (patch) | |
tree | 56dba3e74061df914c5d4fa2faf89e7a24c6457c /doc/ssl | |
parent | 616f71e486d693991b594439c884ec624b32c2d4 (diff) |
Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CIPHER_get_name.pod | 4 | ||||
-rw-r--r-- | doc/ssl/SSL_CONF_cmd.pod | 11 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_new.pod | 31 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_cipher_list.pod | 4 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_generate_session_id.pod | 26 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 11 | ||||
-rw-r--r-- | doc/ssl/SSL_get_default_timeout.pod | 2 | ||||
-rw-r--r-- | doc/ssl/SSL_get_version.pod | 4 | ||||
-rw-r--r-- | doc/ssl/SSL_new.pod | 2 | ||||
-rw-r--r-- | doc/ssl/SSL_shutdown.pod | 4 | ||||
-rw-r--r-- | doc/ssl/ssl.pod | 25 |
11 files changed, 36 insertions, 88 deletions
diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod index 2048bfb8a1..ec7011efe9 100644 --- a/doc/ssl/SSL_CIPHER_get_name.pod +++ b/doc/ssl/SSL_CIPHER_get_name.pod @@ -25,7 +25,7 @@ chosen algorithm. If B<cipher> is NULL, 0 is returned. SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol version that first defined the cipher. -This is currently B<SSLv2> or B<TLSv1/SSLv3>. +This is currently B<TLSv1/SSLv3>. In some cases it should possibly return "TLSv1.2" but does not; use SSL_CIPHER_description() instead. If B<cipher> is NULL, "(NONE)" is returned. @@ -56,7 +56,7 @@ Textual representation of the cipher name. =item <protocol version> -Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are +Protocol version: B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1. =item Kx=<key exchange> diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index f96d8d941d..90a20d6c49 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -109,10 +109,10 @@ Attempts to use the file B<value> as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. -=item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 -by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>, +Disables protocol support for SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 +by setting the corresponding options B<SSL_OP_NO_SSL3>, B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. =item B<-bugs> @@ -259,7 +259,7 @@ The supported versions of the SSL or TLS protocol. The B<value> argument is a comma separated list of supported protocols to enable or disable. If an protocol is preceded by B<-> that version is disabled. All versions are enabled by default, though applications may choose to -explicitly disable some. Currently supported protocol values are B<SSLv2>, +explicitly disable some. Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers to all supported versions. @@ -435,4 +435,7 @@ L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> SSL_CONF_cmd() was first added to OpenSSL 1.0.2 +B<SSL_OP_NO_SSL2> doesn't have effect anymore since 1.1.0 but the define is kept +for backward compatibility. + =cut diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 7593cf60cf..0da3f7be8e 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_new, SSLv2_method, SSLv2_server_method, SSLv2_client_method, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions +SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions =head1 SYNOPSIS @@ -23,14 +23,6 @@ client only type. B<method> can be of the following types: =over 4 -=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) - -A TLS/SSL connection established with these methods will only understand -the SSLv2 protocol. A client will send out SSLv2 client hello messages -and will also indicate that it only understand SSLv2. A server will only -understand SSLv2 client hello messages. The SSLv2 protocol is deprecated -and very broken: its use is B<strongly> discouraged. - =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) A TLS/SSL connection established with these methods will only understand the @@ -62,33 +54,25 @@ SSLv3 client hello messages. =item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) -A TLS/SSL connection established with these methods may understand the SSLv2, +A TLS/SSL connection established with these methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. -If the cipher list does not contain any SSLv2 ciphersuites (the default -cipher list does not) or extensions are required (for example server name) +If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern. -If any SSLv2 ciphersuites are included in the cipher list and no extensions -are required then SSLv2 compatible client hellos will be used by clients and -SSLv2 will be accepted by servers. This is B<not> recommended due to the -insecurity of SSLv2 and the limited nature of the SSLv2 client hello -prohibiting the use of extensions. - =back -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, +The list of protocols available can later be limited using the SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 options of the SSL_CTX_set_options() or SSL_set_options() functions. Using these options it is possible to choose e.g. SSLv23_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2. -Applications which never want to support SSLv2 (even is the cipher string -is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. +Applications which never want to support SSLv3 can set SSL_OP_NO_SSLv3. SSL_CTX_new() initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to its default @@ -111,6 +95,11 @@ The return value points to an allocated SSL_CTX object. =back +=head1 HISTORY + +SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in +OpenSSL 1.1.0. + =head1 SEE ALSO L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>, diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod index 8b41917334..c2c349f65e 100644 --- a/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -54,10 +54,6 @@ of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail. -If the cipher list does not contain any SSLv2 cipher suites (this is the -default) then SSLv2 is effectively disabled and neither clients nor servers -will attempt to use SSLv2. - =head1 RETURN VALUES SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod index 798e8443a7..cd72572b27 100644 --- a/doc/ssl/SSL_CTX_set_generate_session_id.pod +++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod @@ -32,9 +32,8 @@ of the parent context of B<ssl>. When a new session is established between client and server, the server generates a session id. The session id is an arbitrary sequence of bytes. -The length of the session id is 16 bytes for SSLv2 sessions and between -1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical -but must be unique for the server. Additionally, the session id is +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is transmitted in the clear when reusing the session so it must not contain sensitive information. @@ -51,21 +50,14 @@ The callback is only allowed to generate a shorter id and reduce B<id_len>; the callback B<must never> increase B<id_len> or write to the location B<id> exceeding the given limit. -If a SSLv2 session id is generated and B<id_len> is reduced, it will be -restored after the callback has finished and the session id will be padded -with 0x00. It is not recommended to change the B<id_len> for SSLv2 sessions. -The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> function -to check, whether the session is of type SSLv2. - The location B<id> is filled with 0x00 before the callback is called, so the callback may only fill part of the possible length and leave B<id_len> untouched while maintaining reproducibility. Since the sessions must be distinguished, session ids must be unique. Without the callback a random number is used, so that the probability -of generating the same session id is extremely small (2^128 possible ids -for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the -uniqueness of the generated session id, the callback must call +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call SSL_has_matching_session_id() and generate another id if a conflict occurs. If an id conflict is not resolved, the handshake will fail. If the application codes e.g. a unique host id, a unique process number, and @@ -85,10 +77,6 @@ Collisions can also occur when using an external session cache, since the external cache is not tested with SSL_has_matching_session_id() and the same race condition applies. -When calling SSL_has_matching_session_id() for an SSLv2 session with -reduced B<id_len>, the match operation will be performed using the -fixed length required and with a 0x00 padded id. - The callback must return 0 if it cannot generate a session id for whatever reason and return 1 on success. @@ -104,12 +92,6 @@ server id given, and will fill the rest with pseudo random bytes: unsigned int *id_len) { unsigned int count = 0; - const char *version; - - version = SSL_get_version(ssl); - if (!strcmp(version, "SSLv2")) - /* we must not change id_len */; - do { RAND_pseudo_bytes(id, *id_len); /* Prefix the session_id with the required prefix. NB: If our diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 65062ad68c..1594fb6eec 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -63,18 +63,11 @@ The following B<bug workaround> options are available: =item SSL_OP_MICROSOFT_SESS_ID_BUG -www.microsoft.com - when talking SSLv2, if session-id reuse is -performed, the session-id passed back in the server-finished message -is different from the one decided upon. +As of OpenSSL 1.0.0 this option has no effect. =item SSL_OP_NETSCAPE_CHALLENGE_BUG -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte -challenge but then appears to only use 16 bytes when generating the -encryption keys. Using 16 bytes is ok but it should be ok to use 32. -According to the SSLv3 spec, one should use 32 bytes for the challenge -when operating in SSLv2/v3 compatibility mode, but as mentioned above, -this breaks this server so 16 bytes is the way to go. +As of OpenSSL 1.0.0 this option has no effect. =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod index a648a9b82d..3a067fe892 100644 --- a/doc/ssl/SSL_get_default_timeout.pod +++ b/doc/ssl/SSL_get_default_timeout.pod @@ -24,7 +24,7 @@ L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default timeout for the protocol will be used. SSL_get_default_timeout() return this hardcoded value, which is 300 seconds -for all currently supported protocols (SSLv2, SSLv3, and TLSv1). +for all currently supported protocols. =head1 RETURN VALUES diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod index 9ae6f25508..b91bb47f78 100644 --- a/doc/ssl/SSL_get_version.pod +++ b/doc/ssl/SSL_get_version.pod @@ -21,10 +21,6 @@ The following strings can be returned: =over 4 -=item SSLv2 - -The connection uses the SSLv2 protocol. - =item SSLv3 The connection uses the SSLv3 protocol. diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod index 25300e978f..f0774a57ae 100644 --- a/doc/ssl/SSL_new.pod +++ b/doc/ssl/SSL_new.pod @@ -14,7 +14,7 @@ SSL_new - create a new SSL structure for a connection SSL_new() creates a new B<SSL> structure which is needed to hold the data for a TLS/SSL connection. The new structure inherits the settings -of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1), +of the underlying context B<ctx>: connection method, options, verification settings, timeout settings. =head1 RETURN VALUES diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod index efbff5a0a3..b2bf9cb1b8 100644 --- a/doc/ssl/SSL_shutdown.pod +++ b/doc/ssl/SSL_shutdown.pod @@ -60,9 +60,7 @@ SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call. It is therefore recommended, to check the return value of SSL_shutdown() and call SSL_shutdown() again, if the bidirectional shutdown is not yet -complete (return value of the first call is 0). As the shutdown is not -specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on -the first call. +complete (return value of the first call is 0). The behaviour of SSL_shutdown() additionally depends on the underlying BIO. diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 8d5b8c380e..ceb9766245 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -45,8 +45,8 @@ structures: =item B<SSL_METHOD> (SSL Method) That's a dispatch structure describing the internal B<ssl> library -methods/functions which implement the various protocol versions (SSLv1, SSLv2 -and TLSv1). It's needed to create an B<SSL_CTX>. +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an B<SSL_CTX>. =item B<SSL_CIPHER> (SSL Cipher) @@ -105,8 +105,8 @@ it's already included by ssl.h>. =item B<ssl23.h> -That's the sub header file dealing with the combined use of the SSLv2 and -SSLv3 protocols. +That's the sub header file dealing with the combined use of different +protocol version. I<Usually you don't have to include it explicitly because it's already included by ssl.h>. @@ -130,18 +130,6 @@ protocol methods defined in B<SSL_METHOD> structures. =over 4 -=item const SSL_METHOD *B<SSLv2_client_method>(void); - -Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. - -=item const SSL_METHOD *B<SSLv2_server_method>(void); - -Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. - -=item const SSL_METHOD *B<SSLv2_method>(void); - -Constructor for the SSLv2 SSL_METHOD structure for combined client and server. - =item const SSL_METHOD *B<SSLv3_client_method>(void); Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. @@ -189,7 +177,7 @@ I<alg_bits>) and the bits which are actually used (the return value). =item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher); Return the internal name of I<cipher> as a string. These are the various -strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> +strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx> definitions in the header files. =item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher); @@ -758,5 +746,8 @@ L<SSL_get_psk_identity(3)|SSL_get_psk_identity(3)> The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2 +B<SSLv2_client_method>, B<SSLv2_server_method> and B<SSLv2_method> where removed +in OpenSSL 1.1.0. + =cut |