diff options
author | Matt Caswell <matt@openssl.org> | 2015-09-29 11:14:35 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-30 19:15:06 +0100 |
commit | c84f7f4a7405d69be4227d4766290b0950122b3c (patch) | |
tree | 3ae21ee691960e88e3291d10eef5d9540f70b992 /include | |
parent | 8eed3289b21d25583ed44742db43a2d727b79643 (diff) |
Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.
Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d488aa5cf4..8fa9363304 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -290,7 +290,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is |