author | doug <> | 2015-07-17 15:50:37 +0000 |
---|---|---|
committer | doug <> | 2015-07-17 15:50:37 +0000 |
commit | 1dfd1cf6c439ce0e41c7f3ac112e6531381c6af7 (patch) | |
tree | feb649947db1c2e92858c29d6aa7029f188bfa9b /src/lib/libssl/ssl.h | |
parent | 489dbb57ee3abd9d28ef0c63007d420b6a34b1f4 (diff) | |
Remove compat hack that disabled ECDHE-ECDSA on OS X.
For a few old releases, ECDHE-ECDSA was broken on OS X. This option
cannot differentiate between working and broken OS X so it disabled
ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty
releases but these are no longer relevant. Tested on OS X 10.10 by jsing.
ok jsing@
Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r-- | src/lib/libssl/ssl.h | 5 |
1 files changed, 2 insertions, 3 deletions
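--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */
+/* $OpenBSD: ssl.h,v 1.89 2015/07/17 15:50:37 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -520,7 +520,6 @@ struct ssl_session_st {
 #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
 #define SSL_OP_TLSEXT_PADDING 0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
 #define SSL_OP_TLS_D5_BUG 0x00000100L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
@@ -575,7 +574,6 @@ struct ssl_session_st {
 (SSL_OP_LEGACY_SERVER_CONNECT | \
 SSL_OP_TLSEXT_PADDING | \
 SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \
-SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \
 SSL_OP_TLS_D5_BUG | \
 SSL_OP_CRYPTOPRO_TLSEXT_BUG)
 
@@ -590,6 +588,7 @@ struct ssl_session_st {
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
 #define SSL_OP_PKCS1_CHECK_1 0x0
 #define SSL_OP_PKCS1_CHECK_2 0x0
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
 #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0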
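Review bot: The bit `0x00000040L` freed by the hunk at line 520 is left unmarked in the option list, so a later option could be assigned to it. Programs compiled against the previous header still carry that bit in the combined mask edited at line 575 (presumably `SSL_OP_ALL`; its name is outside the hunk), and would silently enable whatever a reused bit comes to mean without being rebuilt. I would leave a placeholder where the define was, `/* 0x00000040L was SSL_OP_SAFARI_ECDHE_ECDSA_BUG; leave unassigned */`. Because the macro is now `0x0`, any remaining `options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG` test is always false; this page is limited to ssl.h, so it is worth confirming that the consumers of the flag were removed in the same change.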