Disable SHA-2 ciphersuites in < TLS 1.2 connections.
authorBodo Möller <bodo@openssl.org>
Tue, 17 Apr 2012 15:20:17 +0000 (15:20 +0000)
committerBodo Möller <bodo@openssl.org>
Tue, 17 Apr 2012 15:20:17 +0000 (15:20 +0000)
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley

CHANGES
ssl/s3_lib.c

diff --git a/CHANGES b/CHANGES
index 60f245b..39cf1d3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
 
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
   *) Workarounds for some broken servers that "hang" if a client hello
      record length exceeds 255 bytes.
 
index db75479..fb60cde 100644 (file)
@@ -1081,7 +1081,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_eNULL,
        SSL_SHA256,
-       SSL_SSLV3,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
@@ -1097,7 +1097,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1113,7 +1113,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1129,7 +1129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1145,7 +1145,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1161,7 +1161,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1395,7 +1395,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1411,7 +1411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1427,7 +1427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1443,7 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1459,7 +1459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1475,7 +1475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1491,7 +1491,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,