author | Bodo Möller <bodo@openssl.org> | 2005-11-15 23:32:11 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2005-11-15 23:32:11 +0000 |
commit | d804f86b88f8d45edd71f51713a56f8af9af4fed (patch) | |
tree | 13dc39cc426cb0432f42e699d884c9a827aa0108 /ssl | |
parent | 8dee9f844f8f22e74d00dff43043732ef1e1fe15 (diff) |
disable some invalid ciphersuites
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s2_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | ssl/tls1.h | 9 |
3 files changed, 9 insertions, 6 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 37f83cd891..a454cac9f1 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 SSL_ALL_STRENGTHS,
 },
 /* RC4_64_WITH_MD5 */
-#if 1
+#if 0
 {
 1,
 SSL2_TXT_RC4_64_WITH_MD5,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f94c0d957d..5a3e41f2f8 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1213,7 +1213,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 #endif /* OPENSSL_NO_ECDH */
 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites */
+ /* New TLS Export CipherSuites from expired ID */
+#if 0
 /* Cipher 60 */
 {
 1,
@@ -1240,6 +1241,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 SSL_ALL_CIPHERS,
 SSL_ALL_STRENGTHS,
 },
+#endif
 /* Cipher 62 */
 {
 1,
diff --git a/ssl/tls1.h b/ssl/tls1.h
index be15445384..112ef3a99f 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -97,12 +97,13 @@ extern "C" {
 #define TLS1_AD_USER_CANCELLED 90
 #define TLS1_AD_NO_RENEGOTIATION 100
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+/* Additional TLS ciphersuites from expired Internet Draft
+ * draft-ietf-tls-56-bit-ciphersuites-01.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
+ * shouldn't. Note that the first two are actually not in the IDs. */
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 |
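Review bot: In ssl/s2_lib.c the switch from `#if 1` to `#if 0` around the RC4_64_WITH_MD5 entry gives no reason, so a later reader cannot tell a deliberate removal from leftover debugging. Put the rationale on the directive itself, for example `#if 0 /* RC4_64_WITH_MD5: invalid ciphersuite, disabled */`. The hunk shows only the first lines of the entry, and the ssl2_ciphers[] initializer starts and ends outside it. Whether SSL2_TXT_RC4_64_WITH_MD5 and its cipher-kind constant stay defined elsewhere is not visible here. If they do, a cipher string that names this suite will presumably stop matching, which would be worth a changelog line.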
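Review bot: In ssl/s3_lib.c the new `#if 0` is bare, and its `#endif` only arrives in the following hunk (new line 1244) with nothing tying the two together. The comment directly above it now reads "from expired ID", so it appears to describe the disabled entries, whereas the tls1.h hunk of this commit says ciphers 60 and 61 are the ones that are not in the draft. I would write `#if 0 /* ciphers 60 and 61: not in the Internet Draft */` and close it with `#endif /* 0 */`. Both hunks sit inside the ssl3_ciphers[] initializer, which starts and ends outside them.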
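Review bot: In ssl/tls1.h the trailing `/* not in ID */` sits right after a hexadecimal cipher identifier, so "ID" is easily read as "identifier" rather than "Internet Draft", and the block comment itself mixes "Internet Draft", "IDs" and "ID". Neither comment mentions that this commit compiles the matching table entries out in s3_lib.c while both macros stay defined. I would write `/* not in the Internet Draft; entry disabled in s3_lib.c */` on both lines. The remaining EXPORT1024 suites from the expired draft stay available whenever TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is non-zero. Its default is not visible in this diff, so it is worth confirming that these 56-bit suites are off in default builds.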