Remove the original (pre-IETF) chacha20-poly1305 cipher suites.

Support for the IETF standardised chacha20-poly1305 cipher suites was added 16 months ago, which means they exist in both of the currently supported OpenBSD releases. Also prompted by Andreas Bartelt <obsd at bartula dot de>. ok beck@ doug@
author: jsing <> 2017-08-28 16:37:04 +0000
committer: jsing <> 2017-08-28 16:37:04 +0000
commit: 06777404d5d3c9d777364d633ff082f434d357d5 (patch)
tree: 7a497786c0d665cfdd18ae5f1a51814d2866dc5d /src/lib/libssl/s3_lib.c
parent: 25258122ceacc0befc2dd3c6150cc89fd6c00a7a (diff)
download: openbsd-06777404d5d3c9d777364d633ff082f434d357d5.tar.gz
openbsd-06777404d5d3c9d777364d633ff082f434d357d5.tar.bz2
openbsd-06777404d5d3c9d777364d633ff082f434d357d5.zip
1 files changed, 1 insertions, 52 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index acbe30d804..bbf0444c21 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.158 2017/08/12 21:03:08 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.159 2017/08/28 16:37:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1299,57 +1299,6 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
-        /* Cipher CC13 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
-                .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
-                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        /* Cipher CC14 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
-                .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
-                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        /* Cipher CC15 */
-        {
-                .valid = 1,
-                .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD,
-                .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CHACHA20POLY1305_OLD,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
-                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
        /* Cipher CCA8 */
        {
                .valid = 1,
author	jsing <>	2017-08-28 16:37:04 +0000
committer	jsing <>	2017-08-28 16:37:04 +0000
commit	06777404d5d3c9d777364d633ff082f434d357d5 (patch)
tree	7a497786c0d665cfdd18ae5f1a51814d2866dc5d /src/lib/libssl/s3_lib.c
parent	25258122ceacc0befc2dd3c6150cc89fd6c00a7a (diff)
download	openbsd-06777404d5d3c9d777364d633ff082f434d357d5.tar.gz openbsd-06777404d5d3c9d777364d633ff082f434d357d5.tar.bz2 openbsd-06777404d5d3c9d777364d633ff082f434d357d5.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index acbe30d804..bbf0444c21 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.158 2017/08/12 21:03:08 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.159 2017/08/28 16:37:04 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1299,57 +1299,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1299	.alg_bits = 256,	1299	.alg_bits = 256,
1300	},	1300	},
1301		1301
1302	/* Cipher CC13 */
1303	{
1304	.valid = 1,
1305	.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
1306	.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
1307	.algorithm_mkey = SSL_kECDHE,
1308	.algorithm_auth = SSL_aRSA,
1309	.algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1310	.algorithm_mac = SSL_AEAD,
1311	.algorithm_ssl = SSL_TLSV1_2,
1312	.algo_strength = SSL_HIGH,
1313	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|
1314	SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(0),
1315	.strength_bits = 256,
1316	.alg_bits = 256,
1317	},
1318
1319	/* Cipher CC14 */
1320	{
1321	.valid = 1,
1322	.name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
1323	.id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
1324	.algorithm_mkey = SSL_kECDHE,
1325	.algorithm_auth = SSL_aECDSA,
1326	.algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1327	.algorithm_mac = SSL_AEAD,
1328	.algorithm_ssl = SSL_TLSV1_2,
1329	.algo_strength = SSL_HIGH,
1330	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|
1331	SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(0),
1332	.strength_bits = 256,
1333	.alg_bits = 256,
1334	},
1335
1336	/* Cipher CC15 */
1337	{
1338	.valid = 1,
1339	.name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD,
1340	.id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD,
1341	.algorithm_mkey = SSL_kDHE,
1342	.algorithm_auth = SSL_aRSA,
1343	.algorithm_enc = SSL_CHACHA20POLY1305_OLD,
1344	.algorithm_mac = SSL_AEAD,
1345	.algorithm_ssl = SSL_TLSV1_2,
1346	.algo_strength = SSL_HIGH,
1347	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256\|
1348	SSL_CIPHER_ALGORITHM2_AEAD\|FIXED_NONCE_LEN(0),
1349	.strength_bits = 256,
1350	.alg_bits = 256,
1351	},
1352
1353	/* Cipher CCA8 */	1302	/* Cipher CCA8 */
1354	{	1303	{
1355	.valid = 1,	1304	.valid = 1,