recent changes from 0.9.8: fix cipher list order in s3_lib.c,

author Nils Larsch <nils@openssl.org>

Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)

committer Nils Larsch <nils@openssl.org>

Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
author Nils Larsch <nils@openssl.org>
Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
committer Nils Larsch <nils@openssl.org>
Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c

index 115dc11a7e49bd5fc89456a1d970196a3e1a55a4..c6099efcf75726b72b1b47d83a03c21d8b81bb4a 100644 (file)
--- a/ssl/s23_meth.c
+++ b/ssl/s23_meth.c
@@ -63,13 +63,21 @@
  static const SSL_METHOD *ssl23_get_method(int ver);
  static const SSL_METHOD *ssl23_get_method(int ver)
         {
  static const SSL_METHOD *ssl23_get_method(int ver);
  static const SSL_METHOD *ssl23_get_method(int ver)
         {
+#ifndef OPENSSL_NO_SSL2
         if (ver == SSL2_VERSION)
                 return(SSLv2_method());
         if (ver == SSL2_VERSION)
                 return(SSLv2_method());
-       else if (ver == SSL3_VERSION)
+       else
+#endif
+#ifndef OPENSSL_NO_SSL3
+       if (ver == SSL3_VERSION)
                 return(SSLv3_method());
                 return(SSLv3_method());
-       else if (ver == TLS1_VERSION)
+       else
+#endif
+#ifndef OPENSSL_NO_TLS1
+       if (ver == TLS1_VERSION)
                 return(TLSv1_method());
         else
                 return(TLSv1_method());
         else
+#endif
                 return(NULL);
         }
  
                 return(NULL);
         }
  
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 3b87222166d00e51934bc5206cb872cfa3a3ac79..6ccd8b132481aceaaec66c76af834409c8b00390 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -901,6 +901,102 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_ALL_STRENGTHS,
         },
  
         SSL_ALL_STRENGTHS,
         },
  
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+       /* New TLS Export CipherSuites from expired ID */
+#if 0
+       /* Cipher 60 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 61 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+#endif
+       /* Cipher 62 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           56,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 63 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           56,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 64 */
+           {
+           1,
+           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 65 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_EXPORT|SSL_EXP56,
+           0,
+           56,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS,
+           },
+       /* Cipher 66 */
+           {
+           1,
+           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+           SSL_NOT_EXP|SSL_MEDIUM,
+           0,
+           128,
+           128,
+           SSL_ALL_CIPHERS,
+           SSL_ALL_STRENGTHS
+           },
+#endif
  #ifndef OPENSSL_NO_ECDH
         /* Cipher C001 */
             {
  #ifndef OPENSSL_NO_ECDH
         /* Cipher C001 */
             {
@@ -1253,103 +1349,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
              },
  #endif /* OPENSSL_NO_ECDH */
  
              },
  #endif /* OPENSSL_NO_ECDH */
  
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-       /* New TLS Export CipherSuites from expired ID */
-#if 0
-       /* Cipher 60 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 61 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-           SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-#endif
-       /* Cipher 62 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 63 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           56,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 64 */
-           {
-           1,
-           TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 65 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_EXPORT|SSL_EXP56,
-           0,
-           56,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS,
-           },
-       /* Cipher 66 */
-           {
-           1,
-           TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-           TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-           SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
-           SSL_NOT_EXP|SSL_MEDIUM,
-           0,
-           128,
-           128,
-           SSL_ALL_CIPHERS,
-           SSL_ALL_STRENGTHS
-           },
-#endif
-
  /* end of list */
         };
  
  /* end of list */
         };
  
diff --git a/ssl/ssltest.c b/ssl/ssltest.c

index 5f74c51b38907fb83f9496f4d35e329d66e92d62..9b7a387ba39d3f3e27956bbe1f846e2756688949 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -2241,6 +2241,7 @@ static int do_test_cipherlist(void)
         const SSL_METHOD *meth;
         SSL_CIPHER *ci, *tci = NULL;
  
         const SSL_METHOD *meth;
         SSL_CIPHER *ci, *tci = NULL;
  
+#ifndef OPENSSL_NO_SSL2
         fprintf(stderr, "testing SSLv2 cipher list order: ");
         meth = SSLv2_method();
         while ((ci = meth->get_cipher(i++)) != NULL)
         fprintf(stderr, "testing SSLv2 cipher list order: ");
         meth = SSLv2_method();
         while ((ci = meth->get_cipher(i++)) != NULL)
@@ -2254,7 +2255,8 @@ static int do_test_cipherlist(void)
                 tci = ci;
                 }
         fprintf(stderr, "ok\n");
                 tci = ci;
                 }
         fprintf(stderr, "ok\n");
-
+#endif
+#ifndef OPENSSL_NO_SSL3
         fprintf(stderr, "testing SSLv3 cipher list order: ");
         meth = SSLv3_method();
         tci = NULL;
         fprintf(stderr, "testing SSLv3 cipher list order: ");
         meth = SSLv3_method();
         tci = NULL;
@@ -2269,7 +2271,8 @@ static int do_test_cipherlist(void)
                 tci = ci;
                 }
         fprintf(stderr, "ok\n");
                 tci = ci;
                 }
         fprintf(stderr, "ok\n");
-
+#endif
+#ifndef OPENSSL_NO_TLS1
         fprintf(stderr, "testing TLSv1 cipher list order: ");
         meth = TLSv1_method();
         tci = NULL;
         fprintf(stderr, "testing TLSv1 cipher list order: ");
         meth = TLSv1_method();
         tci = NULL;
@@ -2284,6 +2287,7 @@ static int do_test_cipherlist(void)
                 tci = ci;
                 }
         fprintf(stderr, "ok\n");
                 tci = ci;
                 }
         fprintf(stderr, "ok\n");
+#endif
  
         return 1;
         }
  
         return 1;
         }
author	Nils Larsch <nils@openssl.org>
	Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
committer	Nils Larsch <nils@openssl.org>
	Sun, 15 Jan 2006 17:35:28 +0000 (17:35 +0000)
ssl/s23_meth.c		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history
ssl/ssltest.c		patch \| blob \| history