#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
+static const SSL_CIPHER ssl3_ciphers[] = {
/* The RSA ciphers */
/* Cipher 01 */
},
/* Cipher 04 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
128,
128,
},
+#endif
/* Cipher 07 */
#ifndef OPENSSL_NO_IDEA
},
/* Cipher 18 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
128,
128,
},
+#endif
/* Cipher 1B */
{
#ifndef OPENSSL_NO_PSK
/* PSK ciphersuites from RFC 4279 */
/* Cipher 8A */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher 8B */
{
},
/* Cipher 8E */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher 8F */
{
},
/* Cipher 92 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher 93 */
{
},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Cipher FF */
- {
- 1,
- "SCSV",
- SSL3_CK_SCSV,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0},
-#endif
-
#ifndef OPENSSL_NO_EC
/* Cipher C006 */
},
/* Cipher C007 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C008 */
{
},
/* Cipher C011 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C012 */
{
},
/* Cipher C016 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C017 */
{
/* PSK ciphersuites from RFC 5489 */
/* Cipher C033 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
128,
128,
},
+#endif
/* Cipher C034 */
{
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
- if (cp == NULL)
- fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
return cp;
}
}
tls1_set_cert_validity(s);
+ ssl_set_masks(s);
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
continue;
- ssl_set_masks(s, c);
mask_k = s->s3->tmp.mask_k;
mask_a = s->s3->tmp.mask_a;
#ifndef OPENSSL_NO_SRP