disable some invalid ciphersuites

[openssl.git] / ssl / tls1.h

diff --git a/ssl/tls1.h b/ssl/tls1.h
index 4d7c9a17b22885a6972a59763d0d648133d02249..112ef3a99fd5cd1c4b05a12b43dd6bfc221d0cda 100644 (file)
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -64,19 +64,6 @@
  * The Contribution is licensed pursuant to the OpenSSL open source
  * license provided above.
  *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the Contribution as delivered hereunder 
- * (or portions thereof), provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the Contribution;
- *  2) separates from the Contribution; or
- *  3) for infringements caused by:
- *       i) the modification of the Contribution or
- *      ii) the combination of the  Contribution with other software or
- *          devices where such combination causes the infringement.
- *
  * ECC cipher suite support in OpenSSL originally written by
  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
  *
@@ -110,12 +97,13 @@ extern "C" {
 #define TLS1_AD_USER_CANCELLED         90
 #define TLS1_AD_NO_RENEGOTIATION       100
 
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+/* Additional TLS ciphersuites from expired Internet Draft
+ * draft-ietf-tls-56-bit-ciphersuites-01.txt
  * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
  * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5         0x03000060
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     0x03000061
+ * shouldn't.  Note that the first two are actually not in the IDs. */
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5         0x03000060 /* not in ID */
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     0x03000061 /* not in ID */
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA                0x03000062
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA    0x03000063
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA         0x03000064
@@ -144,6 +132,10 @@ extern "C" {
  * suites to use 5B and 5C instead (this may change with future
  * updates to the IETF draft).
  */
+/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of
+ * ciphersuites, but does not define numbers for all of them
+ * because of possible conflicts with other Internet Drafts;
+ * most numbers are still subject to change. */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x03000047
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x03000048
 #define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA             0x03000049