Mark the weakened 40-bit export ciphers as invalid - no one in their right

mind should be using them. ok deraadt@ miod@
author: jsing <> 2014-07-08 22:09:01 +0000
committer: jsing <> 2014-07-08 22:09:01 +0000
commit: b96ac3957b9269ce45b9c9c867eaafec491d14a6 (patch)
tree: 7367da9f1f4047c0875858fa17fc81e529bce74f
parent: aada90c5a31d6f9946d326fe0849c4b0b8563b69 (diff)
download: openbsd-b96ac3957b9269ce45b9c9c867eaafec491d14a6.tar.gz
openbsd-b96ac3957b9269ce45b9c9c867eaafec491d14a6.tar.bz2
openbsd-b96ac3957b9269ce45b9c9c867eaafec491d14a6.zip
2 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e1c18bd10d..f98094181d 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.64 2014/07/08 21:50:40 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.65 2014/07/08 22:09:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -204,7 +204,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 03 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_RSA_RC4_40_MD5,
                .id = SSL3_CK_RSA_RC4_40_MD5,
                .algorithm_mkey = SSL_kRSA,
@@ -252,7 +252,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 06 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_RSA_RC2_40_MD5,
                .id = SSL3_CK_RSA_RC2_40_MD5,
                .algorithm_mkey = SSL_kRSA,
@@ -286,7 +286,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 08 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_RSA_DES_40_CBC_SHA,
                .id = SSL3_CK_RSA_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kRSA,
@@ -335,7 +335,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* The DH ciphers */
        /* Cipher 0B */
        {
-                .valid = 0,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
                .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kDHd,
@@ -432,7 +432,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* The Ephemeral DH ciphers */
        /* Cipher 11 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
                .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kEDH,
@@ -480,7 +480,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 14 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
                .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kEDH,
@@ -528,7 +528,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 17 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_ADH_RC4_40_MD5,
                .id = SSL3_CK_ADH_RC4_40_MD5,
                .algorithm_mkey = SSL_kEDH,
@@ -560,7 +560,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 19 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_ADH_DES_40_CBC_SHA,
                .id = SSL3_CK_ADH_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kEDH,
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index e1c18bd10d..f98094181d 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.64 2014/07/08 21:50:40 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.65 2014/07/08 22:09:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -204,7 +204,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 03 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_RSA_RC4_40_MD5,
                .id = SSL3_CK_RSA_RC4_40_MD5,
                .algorithm_mkey = SSL_kRSA,
@@ -252,7 +252,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 06 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_RSA_RC2_40_MD5,
                .id = SSL3_CK_RSA_RC2_40_MD5,
                .algorithm_mkey = SSL_kRSA,
@@ -286,7 +286,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 08 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_RSA_DES_40_CBC_SHA,
                .id = SSL3_CK_RSA_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kRSA,
@@ -335,7 +335,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* The DH ciphers */
        /* Cipher 0B */
        {
-                .valid = 0,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
                .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kDHd,
@@ -432,7 +432,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* The Ephemeral DH ciphers */
        /* Cipher 11 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
                .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kEDH,
@@ -480,7 +480,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 14 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
                .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kEDH,
@@ -528,7 +528,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 17 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_ADH_RC4_40_MD5,
                .id = SSL3_CK_ADH_RC4_40_MD5,
                .algorithm_mkey = SSL_kEDH,
@@ -560,7 +560,7 @@ SSL_CIPHER ssl3_ciphers[] = {
        /* Cipher 19 */
        {
-                .valid = 1,
+                .valid = 0,     /* Weakened 40-bit export cipher. */
                .name = SSL3_TXT_ADH_DES_40_CBC_SHA,
                .id = SSL3_CK_ADH_DES_40_CBC_SHA,
                .algorithm_mkey = SSL_kEDH,
author	jsing <>	2014-07-08 22:09:01 +0000
committer	jsing <>	2014-07-08 22:09:01 +0000
commit	b96ac3957b9269ce45b9c9c867eaafec491d14a6 (patch)
tree	7367da9f1f4047c0875858fa17fc81e529bce74f
parent	aada90c5a31d6f9946d326fe0849c4b0b8563b69 (diff)
download	openbsd-b96ac3957b9269ce45b9c9c867eaafec491d14a6.tar.gz openbsd-b96ac3957b9269ce45b9c9c867eaafec491d14a6.tar.bz2 openbsd-b96ac3957b9269ce45b9c9c867eaafec491d14a6.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e1c18bd10d..f98094181d 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.64 2014/07/08 21:50:40 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.65 2014/07/08 22:09:01 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -204,7 +204,7 @@ SSL_CIPHER ssl3_ciphers[] = {
204		204
205	/* Cipher 03 */	205	/* Cipher 03 */
206	{	206	{
207	.valid = 1,	207	.valid = 0, /* Weakened 40-bit export cipher. */
208	.name = SSL3_TXT_RSA_RC4_40_MD5,	208	.name = SSL3_TXT_RSA_RC4_40_MD5,
209	.id = SSL3_CK_RSA_RC4_40_MD5,	209	.id = SSL3_CK_RSA_RC4_40_MD5,
210	.algorithm_mkey = SSL_kRSA,	210	.algorithm_mkey = SSL_kRSA,
@@ -252,7 +252,7 @@ SSL_CIPHER ssl3_ciphers[] = {
252		252
253	/* Cipher 06 */	253	/* Cipher 06 */
254	{	254	{
255	.valid = 1,	255	.valid = 0, /* Weakened 40-bit export cipher. */
256	.name = SSL3_TXT_RSA_RC2_40_MD5,	256	.name = SSL3_TXT_RSA_RC2_40_MD5,
257	.id = SSL3_CK_RSA_RC2_40_MD5,	257	.id = SSL3_CK_RSA_RC2_40_MD5,
258	.algorithm_mkey = SSL_kRSA,	258	.algorithm_mkey = SSL_kRSA,
@@ -286,7 +286,7 @@ SSL_CIPHER ssl3_ciphers[] = {
286		286
287	/* Cipher 08 */	287	/* Cipher 08 */
288	{	288	{
289	.valid = 1,	289	.valid = 0, /* Weakened 40-bit export cipher. */
290	.name = SSL3_TXT_RSA_DES_40_CBC_SHA,	290	.name = SSL3_TXT_RSA_DES_40_CBC_SHA,
291	.id = SSL3_CK_RSA_DES_40_CBC_SHA,	291	.id = SSL3_CK_RSA_DES_40_CBC_SHA,
292	.algorithm_mkey = SSL_kRSA,	292	.algorithm_mkey = SSL_kRSA,
@@ -335,7 +335,7 @@ SSL_CIPHER ssl3_ciphers[] = {
335	/* The DH ciphers */	335	/* The DH ciphers */
336	/* Cipher 0B */	336	/* Cipher 0B */
337	{	337	{
338	.valid = 0,	338	.valid = 0, /* Weakened 40-bit export cipher. */
339	.name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,	339	.name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340	.id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,	340	.id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341	.algorithm_mkey = SSL_kDHd,	341	.algorithm_mkey = SSL_kDHd,
@@ -432,7 +432,7 @@ SSL_CIPHER ssl3_ciphers[] = {
432	/* The Ephemeral DH ciphers */	432	/* The Ephemeral DH ciphers */
433	/* Cipher 11 */	433	/* Cipher 11 */
434	{	434	{
435	.valid = 1,	435	.valid = 0, /* Weakened 40-bit export cipher. */
436	.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,	436	.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437	.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,	437	.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438	.algorithm_mkey = SSL_kEDH,	438	.algorithm_mkey = SSL_kEDH,
@@ -480,7 +480,7 @@ SSL_CIPHER ssl3_ciphers[] = {
480		480
481	/* Cipher 14 */	481	/* Cipher 14 */
482	{	482	{
483	.valid = 1,	483	.valid = 0, /* Weakened 40-bit export cipher. */
484	.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,	484	.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485	.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,	485	.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486	.algorithm_mkey = SSL_kEDH,	486	.algorithm_mkey = SSL_kEDH,
@@ -528,7 +528,7 @@ SSL_CIPHER ssl3_ciphers[] = {
528		528
529	/* Cipher 17 */	529	/* Cipher 17 */
530	{	530	{
531	.valid = 1,	531	.valid = 0, /* Weakened 40-bit export cipher. */
532	.name = SSL3_TXT_ADH_RC4_40_MD5,	532	.name = SSL3_TXT_ADH_RC4_40_MD5,
533	.id = SSL3_CK_ADH_RC4_40_MD5,	533	.id = SSL3_CK_ADH_RC4_40_MD5,
534	.algorithm_mkey = SSL_kEDH,	534	.algorithm_mkey = SSL_kEDH,
@@ -560,7 +560,7 @@ SSL_CIPHER ssl3_ciphers[] = {
560		560
561	/* Cipher 19 */	561	/* Cipher 19 */
562	{	562	{
563	.valid = 1,	563	.valid = 0, /* Weakened 40-bit export cipher. */
564	.name = SSL3_TXT_ADH_DES_40_CBC_SHA,	564	.name = SSL3_TXT_ADH_DES_40_CBC_SHA,
565	.id = SSL3_CK_ADH_DES_40_CBC_SHA,	565	.id = SSL3_CK_ADH_DES_40_CBC_SHA,
566	.algorithm_mkey = SSL_kEDH,	566	.algorithm_mkey = SSL_kEDH,


diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index e1c18bd10d..f98094181d 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.64 2014/07/08 21:50:40 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.65 2014/07/08 22:09:01 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -204,7 +204,7 @@ SSL_CIPHER ssl3_ciphers[] = {
204		204
205	/* Cipher 03 */	205	/* Cipher 03 */
206	{	206	{
207	.valid = 1,	207	.valid = 0, /* Weakened 40-bit export cipher. */
208	.name = SSL3_TXT_RSA_RC4_40_MD5,	208	.name = SSL3_TXT_RSA_RC4_40_MD5,
209	.id = SSL3_CK_RSA_RC4_40_MD5,	209	.id = SSL3_CK_RSA_RC4_40_MD5,
210	.algorithm_mkey = SSL_kRSA,	210	.algorithm_mkey = SSL_kRSA,
@@ -252,7 +252,7 @@ SSL_CIPHER ssl3_ciphers[] = {
252		252
253	/* Cipher 06 */	253	/* Cipher 06 */
254	{	254	{
255	.valid = 1,	255	.valid = 0, /* Weakened 40-bit export cipher. */
256	.name = SSL3_TXT_RSA_RC2_40_MD5,	256	.name = SSL3_TXT_RSA_RC2_40_MD5,
257	.id = SSL3_CK_RSA_RC2_40_MD5,	257	.id = SSL3_CK_RSA_RC2_40_MD5,
258	.algorithm_mkey = SSL_kRSA,	258	.algorithm_mkey = SSL_kRSA,
@@ -286,7 +286,7 @@ SSL_CIPHER ssl3_ciphers[] = {
286		286
287	/* Cipher 08 */	287	/* Cipher 08 */
288	{	288	{
289	.valid = 1,	289	.valid = 0, /* Weakened 40-bit export cipher. */
290	.name = SSL3_TXT_RSA_DES_40_CBC_SHA,	290	.name = SSL3_TXT_RSA_DES_40_CBC_SHA,
291	.id = SSL3_CK_RSA_DES_40_CBC_SHA,	291	.id = SSL3_CK_RSA_DES_40_CBC_SHA,
292	.algorithm_mkey = SSL_kRSA,	292	.algorithm_mkey = SSL_kRSA,
@@ -335,7 +335,7 @@ SSL_CIPHER ssl3_ciphers[] = {
335	/* The DH ciphers */	335	/* The DH ciphers */
336	/* Cipher 0B */	336	/* Cipher 0B */
337	{	337	{
338	.valid = 0,	338	.valid = 0, /* Weakened 40-bit export cipher. */
339	.name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,	339	.name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340	.id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,	340	.id = SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341	.algorithm_mkey = SSL_kDHd,	341	.algorithm_mkey = SSL_kDHd,
@@ -432,7 +432,7 @@ SSL_CIPHER ssl3_ciphers[] = {
432	/* The Ephemeral DH ciphers */	432	/* The Ephemeral DH ciphers */
433	/* Cipher 11 */	433	/* Cipher 11 */
434	{	434	{
435	.valid = 1,	435	.valid = 0, /* Weakened 40-bit export cipher. */
436	.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,	436	.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437	.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,	437	.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438	.algorithm_mkey = SSL_kEDH,	438	.algorithm_mkey = SSL_kEDH,
@@ -480,7 +480,7 @@ SSL_CIPHER ssl3_ciphers[] = {
480		480
481	/* Cipher 14 */	481	/* Cipher 14 */
482	{	482	{
483	.valid = 1,	483	.valid = 0, /* Weakened 40-bit export cipher. */
484	.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,	484	.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485	.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,	485	.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486	.algorithm_mkey = SSL_kEDH,	486	.algorithm_mkey = SSL_kEDH,
@@ -528,7 +528,7 @@ SSL_CIPHER ssl3_ciphers[] = {
528		528
529	/* Cipher 17 */	529	/* Cipher 17 */
530	{	530	{
531	.valid = 1,	531	.valid = 0, /* Weakened 40-bit export cipher. */
532	.name = SSL3_TXT_ADH_RC4_40_MD5,	532	.name = SSL3_TXT_ADH_RC4_40_MD5,
533	.id = SSL3_CK_ADH_RC4_40_MD5,	533	.id = SSL3_CK_ADH_RC4_40_MD5,
534	.algorithm_mkey = SSL_kEDH,	534	.algorithm_mkey = SSL_kEDH,
@@ -560,7 +560,7 @@ SSL_CIPHER ssl3_ciphers[] = {
560		560
561	/* Cipher 19 */	561	/* Cipher 19 */
562	{	562	{
563	.valid = 1,	563	.valid = 0, /* Weakened 40-bit export cipher. */
564	.name = SSL3_TXT_ADH_DES_40_CBC_SHA,	564	.name = SSL3_TXT_ADH_DES_40_CBC_SHA,
565	.id = SSL3_CK_ADH_DES_40_CBC_SHA,	565	.id = SSL3_CK_ADH_DES_40_CBC_SHA,
566	.algorithm_mkey = SSL_kEDH,	566	.algorithm_mkey = SSL_kEDH,