diff options
| author | Matt Caswell <matt@openssl.org> | 2016-03-03 15:40:51 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-03-04 10:04:06 +0000 |
| commit | 8b1a5af389fb962c7d00ffc9d003c81078033e7b (patch) | |
| tree | c8e4ed539f9a711c85cbff3b62b38736b5dd29af /ssl | |
| parent | f04abe7d500eeebc078a0ffb0e82997d5f62b2df (diff) | |
Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_lib.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 07ce76d9e3..f1ea55aea9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -195,6 +195,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 04 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC4_128_MD5, @@ -225,6 +226,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA @@ -293,6 +295,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 18 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_RC4_128_MD5, @@ -307,6 +310,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 1B */ { @@ -813,6 +817,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { #ifndef OPENSSL_NO_PSK /* PSK ciphersuites from RFC 4279 */ /* Cipher 8A */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_PSK_WITH_RC4_128_SHA, @@ -827,6 +832,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 8B */ { @@ -877,6 +883,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 8E */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA, @@ -891,6 +898,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 8F */ { @@ -941,6 +949,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 92 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA, @@ -955,6 +964,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 93 */ { @@ -1646,6 +1656,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C007 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, @@ -1660,6 +1671,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C008 */ { @@ -1726,6 +1738,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C011 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, @@ -1740,6 +1753,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C012 */ { @@ -1806,6 +1820,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C016 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, @@ -1820,6 +1835,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C017 */ { @@ -2152,6 +2168,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { /* PSK ciphersuites from RFC 5489 */ /* Cipher C033 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, @@ -2166,6 +2183,7 @@ static const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C034 */ { |