diff options
| author | Bodo Möller <bodo@openssl.org> | 2012-04-17 15:21:29 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2012-04-17 15:21:29 +0000 |
| commit | bb3add20f33ec6c62c449954823c7439ea2ad24d (patch) | |
| tree | 61e50634f82a36afc988c6ffb3eed6fc52461806 /ssl/s3_lib.c | |
| parent | 48e0f6667b86cade6e7b7afa83c7006ab7e8c2d1 (diff) | |
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c8cb8def0b..57dac3f00d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1076,7 +1076,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aRSA, SSL_eNULL, SSL_SHA256, - SSL_SSLV3, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 0, @@ -1092,7 +1092,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aRSA, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, @@ -1108,7 +1108,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aRSA, SSL_AES256, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, @@ -1124,7 +1124,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aDH, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, @@ -1140,7 +1140,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aDH, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, @@ -1156,7 +1156,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aDSS, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, @@ -1390,7 +1390,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aRSA, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, @@ -1406,7 +1406,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aDH, SSL_AES256, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, @@ -1422,7 +1422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aDH, SSL_AES256, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, @@ -1438,7 +1438,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aDSS, SSL_AES256, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, @@ -1454,7 +1454,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aRSA, SSL_AES256, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, @@ -1470,7 +1470,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aNULL, SSL_AES128, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, @@ -1486,7 +1486,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_aNULL, SSL_AES256, SSL_SHA256, - SSL_TLSV1, + SSL_TLSV1_2, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, |