Add CVE to CHANGES
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Changes between 1.0.2h and 1.1.0 [xx XXX xxxx]
Changes between 1.0.2h and 1.1.0 [xx XXX xxxx]
- *) Because of the SWEET32 attack, 3DES cipher suites have been disabled by
- default like RC4. See the RC4 item below to re-enable both.
+ *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
+ have been disabled by default and removed from DEFAULT, just like RC4.
+ See the RC4 item below to re-enable both.
[Rich Salz]
*) The method for finding the storage location for the Windows RAND seed file
[Rich Salz]
*) The method for finding the storage location for the Windows RAND seed file
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/*
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/*
- * The list of available ciphers, organized into the following
+ * The list of available ciphers, mostly organized into the following
* groups:
* Always there
* EC
* groups:
* Always there
* EC
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_SHA1,
SSL3_VERSION, TLS1_2_VERSION,
DTLS1_BAD_VER, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
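Review bot: The last two changed entries in the cipher table get `SSL_NOT_DEFAULT | SSL_MEDIUM` with no `SSL_FIPS`, while the eight before them get `SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS`, and nothing in the visible lines explains the difference. The suite names and the flags being replaced are outside what this page shows, so the omission may be deliberate, but it should be confirmed against the old values. None of the changed lines records why a cipher with 112 strength bits and 168 algorithm bits is now classed as medium. A short comment at each flags line, or once in the table's header comment, would keep the reason next to the code, for example `/* 3DES has a 64-bit block: kept out of DEFAULT because of SWEET32 (CVE-2016-2183) */`. As far as these flags show, only the DEFAULT selection changes, so the comment should also say that an application supplying its own cipher string can presumably still select these suites.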