projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8eed328) | patch
Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
authorMatt Caswell <matt@openssl.org>
Tue, 29 Sep 2015 10:14:35 +0000 (11:14 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 30 Sep 2015 18:15:06 +0000 (19:15 +0100)
commitc84f7f4a7405d69be4227d4766290b0950122b3c
tree3ae21ee691960e88e3291d10eef5d9540f70b992tree | snapshot
parent8eed3289b21d25583ed44742db43a2d727b79643commit | diff
Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2

This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
CHANGES diff | blob | history
doc/apps/ciphers.pod diff | blob | history
include/openssl/ssl.h diff | blob | history
ssl/s3_lib.c diff | blob | history
ssl/ssl_ciph.c diff | blob | history
ssl/ssl_locl.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.