Stop using unimplemented cipher classes.

author Bernd Edlinger <bernd.edlinger@hotmail.de>

Fri, 5 Jan 2018 17:50:09 +0000 (18:50 +0100)

committer Bernd Edlinger <bernd.edlinger@hotmail.de>

Sat, 6 Jan 2018 14:14:57 +0000 (15:14 +0100)
author Bernd Edlinger <bernd.edlinger@hotmail.de>
Fri, 5 Jan 2018 17:50:09 +0000 (18:50 +0100)
committer Bernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 6 Jan 2018 14:14:57 +0000 (15:14 +0100)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h

index 98a106bb775527a68e3ac926fea72a1394361269..84f14f7a57137c24169fcd85cc41252a3e6deef1 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -67,14 +67,14 @@ extern "C" {
  # define SSL_TXT_NULL            "NULL"
  
  # define SSL_TXT_kRSA            "kRSA"
  # define SSL_TXT_NULL            "NULL"
  
  # define SSL_TXT_kRSA            "kRSA"
-# define SSL_TXT_kDHr            "kDHr"
-# define SSL_TXT_kDHd            "kDHd"
-# define SSL_TXT_kDH             "kDH"
+# define SSL_TXT_kDHr            "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd            "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH             "kDH"/* this cipher class has been removed */
  # define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
  # define SSL_TXT_kDHE            "kDHE"
  # define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
  # define SSL_TXT_kDHE            "kDHE"
-# define SSL_TXT_kECDHr          "kECDHr"
-# define SSL_TXT_kECDHe          "kECDHe"
-# define SSL_TXT_kECDH           "kECDH"
+# define SSL_TXT_kECDHr          "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe          "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH           "kECDH"/* this cipher class has been removed */
  # define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
  # define SSL_TXT_kECDHE          "kECDHE"
  # define SSL_TXT_kPSK            "kPSK"
  # define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
  # define SSL_TXT_kECDHE          "kECDHE"
  # define SSL_TXT_kPSK            "kPSK"
@@ -86,8 +86,8 @@ extern "C" {
  
  # define SSL_TXT_aRSA            "aRSA"
  # define SSL_TXT_aDSS            "aDSS"
  
  # define SSL_TXT_aRSA            "aRSA"
  # define SSL_TXT_aDSS            "aDSS"
-# define SSL_TXT_aDH             "aDH"
-# define SSL_TXT_aECDH           "aECDH"
+# define SSL_TXT_aDH             "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH           "aECDH"/* this cipher class has been removed */
  # define SSL_TXT_aECDSA          "aECDSA"
  # define SSL_TXT_aPSK            "aPSK"
  # define SSL_TXT_aGOST94         "aGOST94"
  # define SSL_TXT_aECDSA          "aECDSA"
  # define SSL_TXT_aPSK            "aPSK"
  # define SSL_TXT_aGOST94         "aGOST94"
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 19b592a3ab4b7bd794a77194d618d8ad98e39a54..94bff7c28d3f3f6412ad03175cc44b4f1beb330c 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1368,10 +1368,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
      ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                            &tail);
  
      ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                            &tail);
  
-    /*
-     * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
-     * &head, &tail);
-     */
      ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                            &tail);
      ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
      ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                            &tail);
      ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t

index 2f3d3be6cb2a5b01ac124cdf0a961cf7b2217c03..35bf904184a2fb34d2ad1dda4d76d1314e09a0ea 100644 (file)
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -396,7 +396,7 @@ sub testssl {
      subtest "Testing ciphersuites" => sub {
  
          my @exkeys = ();
      subtest "Testing ciphersuites" => sub {
  
          my @exkeys = ();
-        my $ciphers = "-EXP:-PSK:-SRP:-kDH:-kECDHe";
+        my $ciphers = "-PSK:-SRP";
  
          if (!$no_dsa) {
              push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
  
          if (!$no_dsa) {
              push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
author	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Fri, 5 Jan 2018 17:50:09 +0000 (18:50 +0100)
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Sat, 6 Jan 2018 14:14:57 +0000 (15:14 +0100)
include/openssl/ssl.h		patch \| blob \| history
ssl/ssl_ciph.c		patch \| blob \| history
test/recipes/80-test_ssl_old.t		patch \| blob \| history