mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Put DES into "not default" category.

Browse Source 
Add CVE to CHANGES

Reviewed-by: Emilia Käsper <emilia@openssl.org>
This commit is contained in:
Rich Salz 2016-08-18 08:56:42 -04:00 committed by Matt Caswell
parent d33726b92e
commit ef28891bab
2 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,8 +4,9 @@
Changes between 1.0.2h and 1.1.0 [xx XXX xxxx]
*) Because of the SWEET32 attack, 3DES cipher suites have been disabled by
default like RC4. See the RC4 item below to re-enable both.
*) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
have been disabled by default and removed from DEFAULT, just like RC4.
See the RC4 item below to re-enable both.
[Rich Salz]
*) The method for finding the storage location for the Windows RAND seed file

22
ssl/s3_lib.c
View File

@ -57,7 +57,7 @@
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/*
* The list of available ciphers, organized into the following
* The list of available ciphers, mostly organized into the following
* groups:
* Always there
* EC
@ -108,7 +108,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -138,7 +138,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -862,7 +862,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -924,7 +924,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -1201,7 +1201,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -1248,7 +1248,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -1295,7 +1295,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -1613,7 +1613,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM | SSL_FIPS,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -1739,7 +1739,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@ -1754,7 +1754,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_MEDIUM,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,