recent changes from 0.9.8: fix cipher list order in s3_lib.c,
authorNils Larsch <nils@openssl.org>
Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
committerNils Larsch <nils@openssl.org>
Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
make "no-ssl2" work again

PR: 1217

ssl/s23_meth.c
ssl/s3_lib.c
ssl/ssltest.c

index 115dc11a7e49bd5fc89456a1d970196a3e1a55a4..c6099efcf75726b72b1b47d83a03c21d8b81bb4a 100644 (file)
 static const SSL_METHOD *ssl23_get_method(int ver);
 static const SSL_METHOD *ssl23_get_method(int ver)
        {
+#ifndef OPENSSL_NO_SSL2
        if (ver == SSL2_VERSION)
                return(SSLv2_method());
-       else if (ver == SSL3_VERSION)
+       else
+#endif
+#ifndef OPENSSL_NO_SSL3
+       if (ver == SSL3_VERSION)
                return(SSLv3_method());
-       else if (ver == TLS1_VERSION)
+       else
+#endif
+#ifndef OPENSSL_NO_TLS1
+       if (ver == TLS1_VERSION)
                return(TLSv1_method());
        else
+#endif
                return(NULL);
        }
 
index 3b87222166d00e51934bc5206cb872cfa3a3ac79..6ccd8b132481aceaaec66c76af834409c8b00390 100644 (file)
@@ -901,6 +901,102 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_STRENGTHS,
        },
 
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+       /* New TLS Export CipherSuites from expired ID */
+#if 0
+       /* Cipher 60 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 61 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+#endif
+       /* Cipher 62 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           56,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 63 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           56,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 64 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 65 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 66 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_NOT_EXP|SSL_MEDIUM,
+           0,
+           128,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS
+           },
+#endif
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
            {
@@ -1253,103 +1349,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
             },
 #endif /* OPENSSL_NO_ECDH */
 
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-       /* New TLS Export CipherSuites from expired ID */
-#if 0
-       /* Cipher 60 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 61 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-#endif
-       /* Cipher 62 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 63 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 64 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 65 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 66 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS
-           },
-#endif
-
 /* end of list */
        };
 
index 5f74c51b38907fb83f9496f4d35e329d66e92d62..9b7a387ba39d3f3e27956bbe1f846e2756688949 100644 (file)
@@ -2241,6 +2241,7 @@ static int do_test_cipherlist(void)
        const SSL_METHOD *meth;
        SSL_CIPHER *ci, *tci = NULL;
 
+#ifndef OPENSSL_NO_SSL2
        fprintf(stderr, "testing SSLv2 cipher list order: ");
        meth = SSLv2_method();
        while ((ci = meth->get_cipher(i++)) != NULL)
@@ -2254,7 +2255,8 @@ static int do_test_cipherlist(void)
                tci = ci;
                }
        fprintf(stderr, "ok\n");
-
+#endif
+#ifndef OPENSSL_NO_SSL3
        fprintf(stderr, "testing SSLv3 cipher list order: ");
        meth = SSLv3_method();
        tci = NULL;
@@ -2269,7 +2271,8 @@ static int do_test_cipherlist(void)
                tci = ci;
                }
        fprintf(stderr, "ok\n");
-
+#endif
+#ifndef OPENSSL_NO_TLS1
        fprintf(stderr, "testing TLSv1 cipher list order: ");
        meth = TLSv1_method();
        tci = NULL;
@@ -2284,6 +2287,7 @@ static int do_test_cipherlist(void)
                tci = ci;
                }
        fprintf(stderr, "ok\n");
+#endif
 
        return 1;
        }