X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Ftls1.h;h=cf92ae034f0bd9ce82aebc1f77e75723718b9d02;hb=0bc6597d4d1402afd0c5df7855b72bdf93e98f9d;hp=afb1e10ac9d36fd6542ebbe033cf9949eac2124e;hpb=018e57c74d9dc6b5676aead4be11cd28a8617ea4;p=openssl.git

diff --git a/ssl/tls1.h b/ssl/tls1.h
index afb1e10ac9..cf92ae034f 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -77,13 +77,17 @@ extern "C" {
 #define TLS1_AD_ACCESS_DENIED		49	/* fatal */
 #define TLS1_AD_DECODE_ERROR		50	/* fatal */
 #define TLS1_AD_DECRYPT_ERROR		51
-#define TLS1_AD_EXPORT_RESTRICION	60	/* fatal */
+#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */
 #define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
 #define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
 #define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
-#define TLS1_AD_USER_CANCLED		90
+#define TLS1_AD_USER_CANCELLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
@@ -92,6 +96,13 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
 
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"