Adjust cipher suite strengths - move MD5 to LOW, RC4 to LOW and 3DES to

MEDIUM. ok beck@ bcook@
author: jsing <> 2016-11-06 13:11:40 +0000
committer: jsing <> 2016-11-06 13:11:40 +0000
commit: e843203f68c93a86a5676169443b79795cc060ba (patch)
tree: c63cae00102f0826d2f7952ee42d25b202f88821
parent: 0ac9b749af1ef4efe518a5d5fd7336d39eec7e3b (diff)
download: openbsd-e843203f68c93a86a5676169443b79795cc060ba.tar.gz
openbsd-e843203f68c93a86a5676169443b79795cc060ba.tar.bz2
openbsd-e843203f68c93a86a5676169443b79795cc060ba.zip
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 8a7a98507a..e66394a491 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.111 2016/11/06 12:08:32 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.112 2016/11/06 13:11:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -212,7 +212,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_RC4,
                .algorithm_mac = SSL_MD5,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
+                .algo_strength = SSL_LOW,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 128,
                .alg_bits = 128,
@@ -228,7 +228,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_RC4,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
+                .algo_strength = SSL_LOW,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 128,
                .alg_bits = 128,
@@ -260,7 +260,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_3DES,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_HIGH,
+                .algo_strength = SSL_MEDIUM,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 112,
                .alg_bits = 168,
@@ -296,7 +296,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_3DES,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_HIGH,
+                .algo_strength = SSL_MEDIUM,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 112,
                .alg_bits = 168,
@@ -328,7 +328,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_3DES,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_HIGH,
+                .algo_strength = SSL_MEDIUM,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 112,
                .alg_bits = 168,
@@ -344,7 +344,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_RC4,
                .algorithm_mac = SSL_MD5,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
+                .algo_strength = SSL_LOW,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 128,
                .alg_bits = 128,
@@ -376,7 +376,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_3DES,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_HIGH,
+                .algo_strength = SSL_MEDIUM,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 112,
                .alg_bits = 168,
@@ -1137,7 +1137,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_RC4,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
+                .algo_strength = SSL_LOW,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 128,
                .alg_bits = 128,
@@ -1153,7 +1153,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_3DES,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
+                .algo_strength = SSL_MEDIUM,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 112,
                .alg_bits = 168,
@@ -1217,7 +1217,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_RC4,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
+                .algo_strength = SSL_LOW,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 128,
                .alg_bits = 128,
@@ -1297,7 +1297,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_RC4,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
+                .algo_strength = SSL_LOW,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 128,
                .alg_bits = 128,
@@ -1313,7 +1313,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm_enc = SSL_3DES,
                .algorithm_mac = SSL_SHA1,
                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
+                .algo_strength = SSL_MEDIUM,
                .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
                .strength_bits = 112,
                .alg_bits = 168,
author	jsing <>	2016-11-06 13:11:40 +0000
committer	jsing <>	2016-11-06 13:11:40 +0000
commit	e843203f68c93a86a5676169443b79795cc060ba (patch)
tree	c63cae00102f0826d2f7952ee42d25b202f88821
parent	0ac9b749af1ef4efe518a5d5fd7336d39eec7e3b (diff)
download	openbsd-e843203f68c93a86a5676169443b79795cc060ba.tar.gz openbsd-e843203f68c93a86a5676169443b79795cc060ba.tar.bz2 openbsd-e843203f68c93a86a5676169443b79795cc060ba.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 8a7a98507a..e66394a491 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.111 2016/11/06 12:08:32 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.112 2016/11/06 13:11:40 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -212,7 +212,7 @@ SSL_CIPHER ssl3_ciphers[] = {
212	.algorithm_enc = SSL_RC4,	212	.algorithm_enc = SSL_RC4,
213	.algorithm_mac = SSL_MD5,	213	.algorithm_mac = SSL_MD5,
214	.algorithm_ssl = SSL_SSLV3,	214	.algorithm_ssl = SSL_SSLV3,
215	.algo_strength = SSL_MEDIUM,	215	.algo_strength = SSL_LOW,
216	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	216	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
217	.strength_bits = 128,	217	.strength_bits = 128,
218	.alg_bits = 128,	218	.alg_bits = 128,
@@ -228,7 +228,7 @@ SSL_CIPHER ssl3_ciphers[] = {
228	.algorithm_enc = SSL_RC4,	228	.algorithm_enc = SSL_RC4,
229	.algorithm_mac = SSL_SHA1,	229	.algorithm_mac = SSL_SHA1,
230	.algorithm_ssl = SSL_SSLV3,	230	.algorithm_ssl = SSL_SSLV3,
231	.algo_strength = SSL_MEDIUM,	231	.algo_strength = SSL_LOW,
232	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	232	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
233	.strength_bits = 128,	233	.strength_bits = 128,
234	.alg_bits = 128,	234	.alg_bits = 128,
@@ -260,7 +260,7 @@ SSL_CIPHER ssl3_ciphers[] = {
260	.algorithm_enc = SSL_3DES,	260	.algorithm_enc = SSL_3DES,
261	.algorithm_mac = SSL_SHA1,	261	.algorithm_mac = SSL_SHA1,
262	.algorithm_ssl = SSL_SSLV3,	262	.algorithm_ssl = SSL_SSLV3,
263	.algo_strength = SSL_HIGH,	263	.algo_strength = SSL_MEDIUM,
264	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	264	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
265	.strength_bits = 112,	265	.strength_bits = 112,
266	.alg_bits = 168,	266	.alg_bits = 168,
@@ -296,7 +296,7 @@ SSL_CIPHER ssl3_ciphers[] = {
296	.algorithm_enc = SSL_3DES,	296	.algorithm_enc = SSL_3DES,
297	.algorithm_mac = SSL_SHA1,	297	.algorithm_mac = SSL_SHA1,
298	.algorithm_ssl = SSL_SSLV3,	298	.algorithm_ssl = SSL_SSLV3,
299	.algo_strength = SSL_HIGH,	299	.algo_strength = SSL_MEDIUM,
300	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	300	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
301	.strength_bits = 112,	301	.strength_bits = 112,
302	.alg_bits = 168,	302	.alg_bits = 168,
@@ -328,7 +328,7 @@ SSL_CIPHER ssl3_ciphers[] = {
328	.algorithm_enc = SSL_3DES,	328	.algorithm_enc = SSL_3DES,
329	.algorithm_mac = SSL_SHA1,	329	.algorithm_mac = SSL_SHA1,
330	.algorithm_ssl = SSL_SSLV3,	330	.algorithm_ssl = SSL_SSLV3,
331	.algo_strength = SSL_HIGH,	331	.algo_strength = SSL_MEDIUM,
332	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	332	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
333	.strength_bits = 112,	333	.strength_bits = 112,
334	.alg_bits = 168,	334	.alg_bits = 168,
@@ -344,7 +344,7 @@ SSL_CIPHER ssl3_ciphers[] = {
344	.algorithm_enc = SSL_RC4,	344	.algorithm_enc = SSL_RC4,
345	.algorithm_mac = SSL_MD5,	345	.algorithm_mac = SSL_MD5,
346	.algorithm_ssl = SSL_SSLV3,	346	.algorithm_ssl = SSL_SSLV3,
347	.algo_strength = SSL_MEDIUM,	347	.algo_strength = SSL_LOW,
348	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	348	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
349	.strength_bits = 128,	349	.strength_bits = 128,
350	.alg_bits = 128,	350	.alg_bits = 128,
@@ -376,7 +376,7 @@ SSL_CIPHER ssl3_ciphers[] = {
376	.algorithm_enc = SSL_3DES,	376	.algorithm_enc = SSL_3DES,
377	.algorithm_mac = SSL_SHA1,	377	.algorithm_mac = SSL_SHA1,
378	.algorithm_ssl = SSL_SSLV3,	378	.algorithm_ssl = SSL_SSLV3,
379	.algo_strength = SSL_HIGH,	379	.algo_strength = SSL_MEDIUM,
380	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	380	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
381	.strength_bits = 112,	381	.strength_bits = 112,
382	.alg_bits = 168,	382	.alg_bits = 168,
@@ -1137,7 +1137,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1137	.algorithm_enc = SSL_RC4,	1137	.algorithm_enc = SSL_RC4,
1138	.algorithm_mac = SSL_SHA1,	1138	.algorithm_mac = SSL_SHA1,
1139	.algorithm_ssl = SSL_TLSV1,	1139	.algorithm_ssl = SSL_TLSV1,
1140	.algo_strength = SSL_MEDIUM,	1140	.algo_strength = SSL_LOW,
1141	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	1141	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1142	.strength_bits = 128,	1142	.strength_bits = 128,
1143	.alg_bits = 128,	1143	.alg_bits = 128,
@@ -1153,7 +1153,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1153	.algorithm_enc = SSL_3DES,	1153	.algorithm_enc = SSL_3DES,
1154	.algorithm_mac = SSL_SHA1,	1154	.algorithm_mac = SSL_SHA1,
1155	.algorithm_ssl = SSL_TLSV1,	1155	.algorithm_ssl = SSL_TLSV1,
1156	.algo_strength = SSL_HIGH,	1156	.algo_strength = SSL_MEDIUM,
1157	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	1157	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1158	.strength_bits = 112,	1158	.strength_bits = 112,
1159	.alg_bits = 168,	1159	.alg_bits = 168,
@@ -1217,7 +1217,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1217	.algorithm_enc = SSL_RC4,	1217	.algorithm_enc = SSL_RC4,
1218	.algorithm_mac = SSL_SHA1,	1218	.algorithm_mac = SSL_SHA1,
1219	.algorithm_ssl = SSL_TLSV1,	1219	.algorithm_ssl = SSL_TLSV1,
1220	.algo_strength = SSL_MEDIUM,	1220	.algo_strength = SSL_LOW,
1221	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	1221	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1222	.strength_bits = 128,	1222	.strength_bits = 128,
1223	.alg_bits = 128,	1223	.alg_bits = 128,
@@ -1297,7 +1297,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1297	.algorithm_enc = SSL_RC4,	1297	.algorithm_enc = SSL_RC4,
1298	.algorithm_mac = SSL_SHA1,	1298	.algorithm_mac = SSL_SHA1,
1299	.algorithm_ssl = SSL_TLSV1,	1299	.algorithm_ssl = SSL_TLSV1,
1300	.algo_strength = SSL_MEDIUM,	1300	.algo_strength = SSL_LOW,
1301	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	1301	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1302	.strength_bits = 128,	1302	.strength_bits = 128,
1303	.alg_bits = 128,	1303	.alg_bits = 128,
@@ -1313,7 +1313,7 @@ SSL_CIPHER ssl3_ciphers[] = {
1313	.algorithm_enc = SSL_3DES,	1313	.algorithm_enc = SSL_3DES,
1314	.algorithm_mac = SSL_SHA1,	1314	.algorithm_mac = SSL_SHA1,
1315	.algorithm_ssl = SSL_TLSV1,	1315	.algorithm_ssl = SSL_TLSV1,
1316	.algo_strength = SSL_HIGH,	1316	.algo_strength = SSL_MEDIUM,
1317	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,	1317	.algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT\|TLS1_PRF,
1318	.strength_bits = 112,	1318	.strength_bits = 112,
1319	.alg_bits = 168,	1319	.alg_bits = 168,