From f865b08143b453962ad4afccd69e698d13c60f77 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 16 Feb 2018 11:26:02 +0000 Subject: Split configuration of TLSv1.3 ciphers from older ciphers With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/5392) --- util/libssl.num | 2 ++ 1 file changed, 2 insertions(+) (limited to 'util/libssl.num') diff --git a/util/libssl.num b/util/libssl.num index db844e33cf..344d684a94 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -484,3 +484,5 @@ SSL_SESSION_set1_ticket_appdata 484 1_1_1 EXIST::FUNCTION: SSL_CTX_set_session_ticket_cb 485 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_generate_cb 486 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_verify_cb 487 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_ciphersuites 488 1_1_1 EXIST::FUNCTION: +SSL_set_ciphersuites 489 1_1_1 EXIST::FUNCTION: -- cgit v1.2.3
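Review bot: The two entries added at the end of the util/libssl.num hunk, SSL_CTX_set_ciphersuites (488) and SSL_set_ciphersuites (489), become public API, but this view is limited to the export list and shows no documentation for them. Please confirm that the full change documents both functions and notes the behaviour change the commit message describes: TLSv1.3 ciphersuites are on by default and are configured separately from the older ciphers. Anyone who relied on an existing cipher string to restrict what a connection may negotiate needs to know that the string no longer covers TLSv1.3 and that these setters are the place to restrict it. The ordinals follow on from 487 and both entries are tagged 1_1_1 like their neighbours, so the numbering itself looks consistent.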