diff options
author | Rich Salz <rsalz@openssl.org> | 2016-07-30 12:21:32 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-08-24 14:05:52 +0100 |
commit | d33726b92e09605a088369d0e01c99d138c0524f (patch) | |
tree | 2ca91bfac0f0ee1eb031196cf1c7becfe70a9ce1 /ssl/s3_lib.c | |
parent | cfd20f64cc4bd440cfc8fe59f2daaa575015af3d (diff) |
To avoid SWEET32 attack, move 3DES to weak
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8925717a62..1baf9936ba 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -97,6 +97,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, @@ -157,6 +158,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#endif { 1, TLS1_TXT_RSA_WITH_AES_128_SHA, @@ -849,6 +851,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, @@ -864,6 +867,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, @@ -909,6 +913,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, @@ -924,6 +929,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, @@ -969,6 +975,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, @@ -984,6 +991,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, @@ -1182,6 +1190,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1197,6 +1206,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, @@ -1227,6 +1237,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1242,6 +1253,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA, @@ -1272,6 +1284,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1287,6 +1300,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA, @@ -1588,6 +1602,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 0, }, # ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, @@ -1603,6 +1618,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, @@ -1712,6 +1728,7 @@ static SSL_CIPHER ssl3_ciphers[] = { #endif /* OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, @@ -1757,6 +1774,7 @@ static SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +# endif { 1, TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, |