Ensure that AES remains the preferred cipher at any given key length.

(This does not really require a special case for Camellia.)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index acafdb105ed8ddb3cb6bbcf61fd03e4c9de938c1..694e433ef392d5c9225c67d6659843255968a7fc 100644 (file)
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -105,8 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
 =item B<DEFAULT>
 
 the default cipher list. This is determined at compile time and is normally
-B<ALL:!aNULL:!eNULL:+RC4:@STRENGTH> or
-B<AES:CAMELLIA:ALL!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
+B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
 specified.
 
 =item B<COMPLEMENTOFDEFAULT>

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2b896978f57a04ad5e2ebcaea7ad745930be6fe3..ff18cf5fd305880d57d968141b2fcc8c6a146386 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -317,11 +317,7 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
-#ifdef OPENSSL_NO_CAMELLIA
-# define SSL_DEFAULT_CIPHER_LIST       "ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
-#else
-# define SSL_DEFAULT_CIPHER_LIST       "AES:CAMELLIA:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
-#endif
+#define SSL_DEFAULT_CIPHER_LIST        "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN      1