Disable new TLS1 ciphersuites.
authorBen Laurie <ben@openssl.org>
Sat, 6 Mar 1999 15:21:02 +0000 (15:21 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 6 Mar 1999 15:21:02 +0000 (15:21 +0000)
CHANGES
ssl/s3_lib.c
ssl/tls1.h

diff --git a/CHANGES b/CHANGES
index 7aea464..4f8e8bc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
   *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
      on the `perl Configure ...' command line. This way one can compile
      OpenSSL libraries with Position Independent Code (PIC) which is needed
index c32b716..78afd87 100644 (file)
@@ -355,6 +355,7 @@ SSL_CIPHER ssl3_ciphers[]={
        SSL_ALL_CIPHERS,
        },
 
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
        /* New TLS Export CipherSuites */
        /* Cipher 60 */
            {
@@ -383,6 +384,7 @@ SSL_CIPHER ssl3_ciphers[]={
            0,
            SSL_ALL_CIPHERS
            },
+#endif
 
 /* end of list */
        };
index 8d47ae5..780beea 100644 (file)
@@ -65,6 +65,8 @@
 extern "C" {
 #endif
 
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   0
+
 #define TLS1_VERSION                   0x0301
 #define TLS1_VERSION_MAJOR             0x03
 #define TLS1_VERSION_MINOR             0x01