openssl/ssl
Benjamin Kaduk ce0b307ea0 Remove disabled TLS 1.3 ciphers from the SSL(_CTX)
In ssl_create_cipher_list() we make a pass through the ciphers to
remove those which are disabled in the current libctx.  We are
careful to not include such disabled TLS 1.3 ciphers in the final
consolidated cipher list that we produce, but the disabled ciphers
are still kept in the separate stack of TLS 1.3 ciphers associated
with the SSL or SSL_CTX in question.  This leads to confusing
results where a cipher is present in the tls13_cipherlist but absent
from the actual cipher list in use.  Keep the books in order and
remove the disabled ciphers from the 1.3 cipherlist at the same time
we skip adding them to the active cipher list.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12037)
2021-02-23 16:18:41 -08:00
record Update copyright year 2021-02-18 15:05:17 +00:00
statem Update copyright year 2021-02-18 15:05:17 +00:00
bio_ssl.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
build.info Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
d1_lib.c Update copyright year 2021-01-28 13:54:57 +01:00
d1_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
d1_srtp.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
ktls.c Update copyright year 2021-01-28 13:54:57 +01:00
methods.c Update some inclusions of <openssl/macros.h> 2019-11-07 11:37:25 +01:00
pqueue.c Update copyright year 2020-11-26 14:18:57 +00:00
s3_cbc.c TLS fixes for CBC mode and no-deprecated 2020-09-09 17:59:08 +10:00
s3_enc.c Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg 2021-02-05 15:22:43 +00:00
s3_lib.c Deprecate the libssl level SRP APIs 2021-02-12 08:47:32 +00:00
s3_msg.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_asn1.c Update copyright year 2020-11-26 14:18:57 +00:00
ssl_cert_table.h Following the license change, modify the boilerplates in ssl/ 2018-12-06 14:20:59 +01:00
ssl_cert.c Remove OPENSSL_NO_DH guards from libssl 2021-02-05 15:20:36 +00:00
ssl_ciph.c Remove disabled TLS 1.3 ciphers from the SSL(_CTX) 2021-02-23 16:18:41 -08:00
ssl_conf.c Update copyright year 2021-02-18 15:05:17 +00:00
ssl_err_legacy.c Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
ssl_err.c Remove OPENSSL_NO_EC guards from libssl 2021-02-05 15:22:43 +00:00
ssl_init.c Modify the ERR init functions to use the internal ERR string loaders 2020-11-24 15:21:44 +01:00
ssl_lib.c Deprecate the libssl level SRP APIs 2021-02-12 08:47:32 +00:00
ssl_local.h Deprecate the libssl level SRP APIs 2021-02-12 08:47:32 +00:00
ssl_mcnf.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c Remove OPENSSL_NO_EC guards from libssl 2021-02-05 15:22:43 +00:00
ssl_sess.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
ssl_stat.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_txt.c Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call 2020-11-11 12:12:11 +01:00
ssl_utst.c Reorganize local header files 2019-09-28 20:26:35 +02:00
sslerr.h Make supported_groups code independent of EC and DH 2021-02-05 15:20:37 +00:00
t1_enc.c Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg 2021-02-05 15:22:43 +00:00
t1_lib.c tls_valid_group: Add missing dereference of okfortls13 2021-02-12 19:05:17 +01:00
t1_trce.c Update copyright year 2021-02-18 15:05:17 +00:00
tls13_enc.c Update copyright year 2021-01-28 13:54:57 +01:00
tls_depr.c Remove OPENSSL_NO_DH guards from libssl 2021-02-05 15:20:36 +00:00
tls_srp.c Update copyright year 2021-02-18 15:05:17 +00:00