projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
[openssl.git]
/
ssl
/
s3_lib.c
diff --git
a/ssl/s3_lib.c
b/ssl/s3_lib.c
index 5db349a23a6a59513e108309acb0c59730c68322..0385e039c8d46c650b74b44990bbca5d289a4501 100644
(file)
--- a/
ssl/s3_lib.c
+++ b/
ssl/s3_lib.c
@@
-198,6
+198,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
},
/* Cipher 03 */
},
/* Cipher 03 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC4_40_MD5,
{
1,
SSL3_TXT_RSA_RC4_40_MD5,
@@
-207,11
+208,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+#endif
/* Cipher 04 */
{
/* Cipher 04 */
{
@@
-246,6
+248,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
},
/* Cipher 06 */
},
/* Cipher 06 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC2_40_MD5,
{
1,
SSL3_TXT_RSA_RC2_40_MD5,
@@
-255,11
+258,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+#endif
/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
@@
-280,6
+284,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
#endif
/* Cipher 08 */
#endif
/* Cipher 08 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_DES_40_CBC_SHA,
{
1,
SSL3_TXT_RSA_DES_40_CBC_SHA,
@@
-289,13
+294,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+#endif
/* Cipher 09 */
/* Cipher 09 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_DES_64_CBC_SHA,
{
1,
SSL3_TXT_RSA_DES_64_CBC_SHA,
@@
-305,11
+312,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+#endif
/* Cipher 0A */
{
/* Cipher 0A */
{
@@
-321,7
+329,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-329,6
+337,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
/* The DH ciphers */
/* Cipher 0B */
/* The DH ciphers */
/* Cipher 0B */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
{
0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
@@
-338,13
+347,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+#endif
/* Cipher 0C */
/* Cipher 0C */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
{
1,
SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
@@
-354,11
+365,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+#endif
/* Cipher 0D */
{
/* Cipher 0D */
{
@@
-370,13
+382,14
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 0E */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 0E */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
0,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
{
0,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
@@
-386,13
+399,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+#endif
/* Cipher 0F */
/* Cipher 0F */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
{
1,
SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
@@
-402,11
+417,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+#endif
/* Cipher 10 */
{
/* Cipher 10 */
{
@@
-418,7
+434,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-426,6
+442,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
/* The Ephemeral DH ciphers */
/* Cipher 11 */
/* The Ephemeral DH ciphers */
/* Cipher 11 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
{
1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
@@
-435,13
+452,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+#endif
/* Cipher 12 */
/* Cipher 12 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
{
1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
@@
-451,11
+470,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+#endif
/* Cipher 13 */
{
/* Cipher 13 */
{
@@
-467,13
+487,14
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 14 */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 14 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
{
1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
@@
-483,13
+504,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+#endif
/* Cipher 15 */
/* Cipher 15 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
{
1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
@@
-499,11
+522,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+#endif
/* Cipher 16 */
{
/* Cipher 16 */
{
@@
-515,13
+539,14
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 17 */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 17 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_ADH_RC4_40_MD5,
{
1,
SSL3_TXT_ADH_RC4_40_MD5,
@@
-531,11
+556,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+#endif
/* Cipher 18 */
{
/* Cipher 18 */
{
@@
-547,13
+573,14
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 19 */
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 19 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
{
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
@@
-563,13
+590,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+#endif
/* Cipher 1A */
/* Cipher 1A */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_ADH_DES_64_CBC_SHA,
{
1,
SSL3_TXT_ADH_DES_64_CBC_SHA,
@@
-579,11
+608,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+#endif
/* Cipher 1B */
{
/* Cipher 1B */
{
@@
-595,7
+625,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_
EXP | SSL_HIGH
| SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_EXP | SSL_MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-655,6
+685,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers*/
/* Cipher 1E */
#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers*/
/* Cipher 1E */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_DES_64_CBC_SHA,
{
1,
SSL3_TXT_KRB5_DES_64_CBC_SHA,
@@
-664,11
+695,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+# endif
/* Cipher 1F */
{
/* Cipher 1F */
{
@@
-680,7
+712,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-719,6
+751,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
},
/* Cipher 22 */
},
/* Cipher 22 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
{
1,
SSL3_TXT_KRB5_DES_64_CBC_MD5,
@@
-728,11
+761,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_MD5,
SSL_SSLV3,
SSL_DES,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_LOW,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_LOW,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+# endif
/* Cipher 23 */
{
/* Cipher 23 */
{
@@
-744,7
+778,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_MD5,
SSL_SSLV3,
SSL_3DES,
SSL_MD5,
SSL_SSLV3,
- SSL_NOT_EXP | SSL_
HIGH
,
+ SSL_NOT_EXP | SSL_
MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-783,6
+817,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
},
/* Cipher 26 */
},
/* Cipher 26 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_DES_40_CBC_SHA,
{
1,
SSL3_TXT_KRB5_DES_40_CBC_SHA,
@@
-792,13
+827,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
SSL_DES,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+# endif
/* Cipher 27 */
/* Cipher 27 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_SHA,
@@
-808,13
+845,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC2,
SSL_SHA1,
SSL_SSLV3,
SSL_RC2,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+# endif
/* Cipher 28 */
/* Cipher 28 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_RC4_40_SHA,
{
1,
SSL3_TXT_KRB5_RC4_40_SHA,
@@
-824,13
+863,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+# endif
/* Cipher 29 */
/* Cipher 29 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_DES_40_CBC_MD5,
{
1,
SSL3_TXT_KRB5_DES_40_CBC_MD5,
@@
-840,13
+881,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_MD5,
SSL_SSLV3,
SSL_DES,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
56,
},
+# endif
/* Cipher 2A */
/* Cipher 2A */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
{
1,
SSL3_TXT_KRB5_RC2_40_CBC_MD5,
@@
-856,13
+899,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
SSL_RC2,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+# endif
/* Cipher 2B */
/* Cipher 2B */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_KRB5_RC4_40_MD5,
{
1,
SSL3_TXT_KRB5_RC4_40_MD5,
@@
-872,11
+917,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
SSL_RC4,
SSL_MD5,
SSL_SSLV3,
- SSL_EXPORT | SSL_EXP40,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP40,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
40,
128,
},
+# endif
#endif /* OPENSSL_NO_KRB5 */
/* New AES ciphersuites */
#endif /* OPENSSL_NO_KRB5 */
/* New AES ciphersuites */
@@
-965,7
+1011,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
@@
-1060,7
+1106,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
@@
-1256,7
+1302,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_CAMELLIA128,
SSL_SHA1,
SSL_TLSV1,
SSL_CAMELLIA128,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
@@
-1276,7
+1322,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_MD5,
SSL_TLSV1,
SSL_RC4,
SSL_MD5,
SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP56,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
@@
-1292,7
+1338,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC2,
SSL_MD5,
SSL_TLSV1,
SSL_RC2,
SSL_MD5,
SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP56,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
@@
-1300,6
+1346,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
# endif
/* Cipher 62 */
# endif
/* Cipher 62 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
@@
-1309,13
+1356,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_TLSV1,
SSL_DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP56,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+# endif
/* Cipher 63 */
/* Cipher 63 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
@@
-1325,13
+1374,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_DES,
SSL_SHA1,
SSL_TLSV1,
SSL_DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP56,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
56,
},
+# endif
/* Cipher 64 */
/* Cipher 64 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
{
1,
TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
@@
-1341,13
+1392,15
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_SHA1,
SSL_TLSV1,
SSL_RC4,
SSL_SHA1,
SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP56,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
},
+# endif
/* Cipher 65 */
/* Cipher 65 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
{
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
@@
-1357,11
+1410,12
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_SHA1,
SSL_TLSV1,
SSL_RC4,
SSL_SHA1,
SSL_TLSV1,
- SSL_EXPORT | SSL_EXP56,
+ SSL_
NOT_DEFAULT | SSL_
EXPORT | SSL_EXP56,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
},
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
56,
128,
},
+# endif
/* Cipher 66 */
{
/* Cipher 66 */
{
@@
-1471,7
+1525,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
@@
-1487,7
+1541,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES256,
SSL_SHA256,
SSL_TLSV1_2,
SSL_AES256,
SSL_SHA256,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
@@
-1640,7
+1694,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_CAMELLIA256,
SSL_SHA1,
SSL_TLSV1,
SSL_CAMELLIA256,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
@@
-1674,7
+1728,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-1806,7
+1860,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_SEED,
SSL_SHA1,
SSL_TLSV1,
SSL_SEED,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
@@
-1986,7
+2040,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
@@
-2002,7
+2056,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
@@
-2066,7
+2120,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2146,7
+2200,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2226,7
+2280,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2306,7
+2360,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
| SSL_FIPS,
+ SSL_NOT_EXP | SSL_
MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2370,7
+2424,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_RC4,
SSL_SHA1,
SSL_TLSV1,
SSL_RC4,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
@@
-2386,7
+2440,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_
EXP | SSL_HIGH
| SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_EXP | SSL_MEDIUM
| SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2402,7
+2456,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
@@
-2418,7
+2472,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_NOT_
DEFAULT | SSL_NOT_
EXP | SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
@@
-2436,7
+2490,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
,
+ SSL_NOT_EXP | SSL_
MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2452,7
+2506,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
,
+ SSL_NOT_EXP | SSL_
MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2468,7
+2522,7
@@
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
- SSL_NOT_EXP | SSL_
HIGH
,
+ SSL_NOT_EXP | SSL_
MEDIUM
,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
@@
-2983,7
+3037,7
@@
int ssl3_new(SSL *s)
void ssl3_free(SSL *s)
{
void ssl3_free(SSL *s)
{
- if (s == NULL)
+ if (s == NULL
|| s->s3 == NULL
)
return;
#ifdef TLSEXT_TYPE_opaque_prf_input
return;
#ifdef TLSEXT_TYPE_opaque_prf_input
@@
-3084,7
+3138,7
@@
void ssl3_clear(SSL *s)
}
#if !defined(OPENSSL_NO_TLSEXT)
if (s->s3->alpn_selected) {
}
#if !defined(OPENSSL_NO_TLSEXT)
if (s->s3->alpn_selected) {
- free(s->s3->alpn_selected);
+
OPENSSL_
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
}
#endif
s->s3->alpn_selected = NULL;
}
#endif
@@
-3206,13
+3260,6
@@
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
return (ret);
}
SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
return (ret);
}
- if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
- if (!DH_generate_key(dh)) {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return (ret);
- }
- }
if (s->cert->dh_tmp != NULL)
DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
if (s->cert->dh_tmp != NULL)
DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
@@
-3263,6
+3310,8
@@
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
+ size_t len;
+
if (s->tlsext_hostname != NULL)
OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
if (s->tlsext_hostname != NULL)
OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
@@
-3270,7
+3319,8
@@
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
if (parg == NULL)
break;
ret = 1;
if (parg == NULL)
break;
- if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+ len = strlen((char *)parg);
+ if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
@@
-3710,13
+3760,6
@@
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
return 0;
}
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
return 0;
}
- if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
- if (!DH_generate_key(new)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
- DH_free(new);
- return 0;
- }
- }
if (cert->dh_tmp != NULL)
DH_free(cert->dh_tmp);
cert->dh_tmp = new;
if (cert->dh_tmp != NULL)
DH_free(cert->dh_tmp);
cert->dh_tmp = new;
@@
-4485,7
+4528,10
@@
int ssl3_renegotiate_check(SSL *s)
*/
long ssl_get_algorithm2(SSL *s)
{
*/
long ssl_get_algorithm2(SSL *s)
{
- long alg2 = s->s3->tmp.new_cipher->algorithm2;
+ long alg2;
+ if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
+ return -1;
+ alg2 = s->s3->tmp.new_cipher->algorithm2;
if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
&& alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
&& alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;