Split configuration of TLSv1.3 ciphers from older ciphers

With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
author: Matt Caswell <matt@openssl.org> 2018-02-16 11:26:02 +0000
committer: Matt Caswell <matt@openssl.org> 2018-03-14 10:15:50 +0000
commit: f865b08143b453962ad4afccd69e698d13c60f77 (patch)
tree: 9d1a2ae3fabc63589815a2426456417ec1d14f33 /util/libssl.num
parent: 5b68d1792021463b7cd5d76c82b251d61a56d869 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/util/libssl.num b/util/libssl.num
index db844e33cf..344d684a94 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -484,3 +484,5 @@ SSL_SESSION_set1_ticket_appdata         484	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_session_ticket_cb           485	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_stateless_cookie_generate_cb 486	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_stateless_cookie_verify_cb  487	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_ciphersuites                488	1_1_1	EXIST::FUNCTION:
+SSL_set_ciphersuites                    489	1_1_1	EXIST::FUNCTION:
author	Matt Caswell <matt@openssl.org>	2018-02-16 11:26:02 +0000
committer	Matt Caswell <matt@openssl.org>	2018-03-14 10:15:50 +0000
commit	f865b08143b453962ad4afccd69e698d13c60f77 (patch)
tree	9d1a2ae3fabc63589815a2426456417ec1d14f33 /util/libssl.num
parent	5b68d1792021463b7cd5d76c82b251d61a56d869 (diff)