diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-19 19:55:34 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-19 19:55:34 +0000 |
commit | c6ccf055ba151c348bb0026e05a83b0135e40518 (patch) | |
tree | 6d95d1f48e0152a4dcb7dba17d6302543b94ba87 /ssl | |
parent | 1649d85d10173fe769e3bc5684871c687a5cfb74 (diff) |
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl.h | 17 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 2 |
2 files changed, 19 insertions, 0 deletions
@@ -266,6 +266,23 @@ extern "C" { #define SSL_TXT_TLSV1 "TLSv1" #define SSL_TXT_ALL "ALL" +/* + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a1cef72082..37f58886a6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -102,6 +102,8 @@ typedef struct cipher_order_st static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled. */ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ + {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, |