diff options
author | Todd Short <tshort@akamai.com> | 2019-04-05 10:03:29 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-11 09:44:26 +0100 |
commit | 5d120511679ed69669e29b374a3bab1c50ff5134 (patch) | |
tree | d3ba2fbe02170e3dee4825852549148bb6937951 /util | |
parent | 3f91ede9aea70774d9b5d509bc76d484ebaff6aa (diff) |
Change cipher default strings to a function
Making the default cipher strings a function gives the library more
control over the defaults. Potentially allowing a change in the
future as ciphers become deprecated or dangerous.
Also allows third party distributors to change the defaults for their
installations.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8686)
Diffstat (limited to 'util')
-rw-r--r-- | util/libssl.num | 2 | ||||
-rw-r--r-- | util/private.num | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/util/libssl.num b/util/libssl.num index c34200fb5d..25e12ab36a 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -504,3 +504,5 @@ SSL_set_async_callback 504 3_0_0 EXIST::FUNCTION: SSL_set_async_callback_arg 505 3_0_0 EXIST::FUNCTION: SSL_get_async_status 506 3_0_0 EXIST::FUNCTION: SSL_sendfile 507 3_0_0 EXIST::FUNCTION: +OSSL_default_cipher_list 508 3_0_0 EXIST::FUNCTION: +OSSL_default_ciphersuites 509 3_0_0 EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index cf08a83ee2..53edf4a7a4 100644 --- a/util/private.num +++ b/util/private.num @@ -421,6 +421,7 @@ SSL_CTX_set_tlsext_status_type define SSL_CTX_set_tlsext_ticket_key_cb define SSL_CTX_set_tmp_dh define SSL_CTX_set_tmp_ecdh define +SSL_DEFAULT_CIPHER_LIST define deprecated 3.0.0 SSL_add0_chain_cert define SSL_add1_chain_cert define SSL_build_cert_chain define @@ -499,6 +500,7 @@ SSL_want_x509_lookup define SSLv23_client_method define SSLv23_method define SSLv23_server_method define +TLS_DEFAULT_CIPHERSUITES define deprecated 3.0.0 X509_STORE_set_lookup_crls_cb define X509_STORE_set_verify_func define EVP_PKEY_CTX_set1_id define |