mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

recent changes from 0.9.8: fix cipher list order in s3_lib.c,

Browse Source 
make "no-ssl2" work again

PR: 1217
This commit is contained in:
Nils Larsch 2006-01-15 17:35:28 +00:00
parent 9e9bececa9
commit 00fe865dbe
3 changed files with 112 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ssl/s23_meth.c
View File

@ -63,13 +63,21 @@
static const SSL_METHOD *ssl23_get_method(int ver);
static const SSL_METHOD *ssl23_get_method(int ver)
{
#ifndef OPENSSL_NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_method());
else if (ver == SSL3_VERSION)
else
#endif
#ifndef OPENSSL_NO_SSL3
if (ver == SSL3_VERSION)
return(SSLv3_method());
else if (ver == TLS1_VERSION)
else
#endif
#ifndef OPENSSL_NO_TLS1
if (ver == TLS1_VERSION)
return(TLSv1_method());
else
#endif
return(NULL);
}

193
ssl/s3_lib.c
View File

@ -901,6 +901,102 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
/* New TLS Export CipherSuites from expired ID */
#if 0
/* Cipher 60 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 61 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* Cipher 62 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 63 */
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 64 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 65 */
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 66 */
{
1,
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS
},
#endif
#ifndef OPENSSL_NO_ECDH
/* Cipher C001 */
{
@ -1253,103 +1349,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
},
#endif /* OPENSSL_NO_ECDH */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
/* New TLS Export CipherSuites from expired ID */
#if 0
/* Cipher 60 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 61 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* Cipher 62 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 63 */
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 64 */
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 65 */
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56,
0,
56,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 66 */
{
1,
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS
},
#endif
/* end of list */
};

8
ssl/ssltest.c
View File

@ -2241,6 +2241,7 @@ static int do_test_cipherlist(void)
const SSL_METHOD *meth;
SSL_CIPHER *ci, *tci = NULL;
#ifndef OPENSSL_NO_SSL2
fprintf(stderr, "testing SSLv2 cipher list order: ");
meth = SSLv2_method();
while ((ci = meth->get_cipher(i++)) != NULL)
@ -2254,7 +2255,8 @@ static int do_test_cipherlist(void)
tci = ci;
}
fprintf(stderr, "ok\n");
#endif
#ifndef OPENSSL_NO_SSL3
fprintf(stderr, "testing SSLv3 cipher list order: ");
meth = SSLv3_method();
tci = NULL;
@ -2269,7 +2271,8 @@ static int do_test_cipherlist(void)
tci = ci;
}
fprintf(stderr, "ok\n");
#endif
#ifndef OPENSSL_NO_TLS1
fprintf(stderr, "testing TLSv1 cipher list order: ");
meth = TLSv1_method();
tci = NULL;
@ -2284,6 +2287,7 @@ static int do_test_cipherlist(void)
tci = ci;
}
fprintf(stderr, "ok\n");
#endif
return 1;
}