diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-03-12 01:43:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-03-12 01:43:28 +0000 |
commit | bc420ac592df14384ba4acf7104482123e8729ba (patch) | |
tree | ec02b3a751339a1a70935bff519e10b7510e582c /ssl | |
parent | abd4c915271d8660f52e5e8c5b6abc9deed1302a (diff) |
Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_ciph.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cb48f36e66..29058d7f15 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -111,7 +111,8 @@ typedef struct cipher_order_st } CIPHER_ORDER; static SSL_CIPHER cipher_aliases[]={ - {0,SSL_TXT_ALL, 0,SSL_ALL, 0,SSL_ALL}, /* must be first */ + /* Don't include eNULL unless specifically enabled */ + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK}, @@ -403,7 +404,7 @@ char *str; } /* special case */ - cipher_aliases[0].algorithms= ~mask; + cipher_aliases[0].algorithms &= ~mask; /* get the aliases */ k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER); |