diff options
| author | itojun <> | 2002-06-07 19:55:34 +0000 |
|---|---|---|
| committer | itojun <> | 2002-06-07 19:55:34 +0000 |
| commit | aeb88e094684c8cbe20ea2e6e932587da062b6d3 (patch) | |
| tree | 96af09b1ea111c2c17858cddac37302d0c8d5aa9 /src/lib/libssl/ssl_ciph.c | |
| parent | 935b3b5aa10e83786ce15468a8f84ab3a7d12f77 (diff) | |
| download | openbsd-aeb88e094684c8cbe20ea2e6e932587da062b6d3.tar.gz openbsd-aeb88e094684c8cbe20ea2e6e932587da062b6d3.tar.bz2 openbsd-aeb88e094684c8cbe20ea2e6e932587da062b6d3.zip | |
do not propose IDEA cipher on SSL connection. tested by beck
noticed by Sverre Froyen <sverre@viewmark.com>
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index cdd8dde128..57bbde5f27 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -124,7 +124,9 @@ static const SSL_CIPHER cipher_aliases[]={ | |||
| 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, | 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, | 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, |
| 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, |
| 127 | #ifndef OPENSSL_NO_IDEA | ||
| 127 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, | 128 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 129 | #endif | ||
| 128 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, | 130 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 129 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | 131 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 130 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | 132 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
| @@ -165,8 +167,12 @@ static void load_ciphers(void) | |||
| 165 | EVP_get_cipherbyname(SN_rc4); | 167 | EVP_get_cipherbyname(SN_rc4); |
| 166 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 168 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 167 | EVP_get_cipherbyname(SN_rc2_cbc); | 169 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 170 | #ifndef OPENSSL_NO_IDEA | ||
| 168 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 171 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 169 | EVP_get_cipherbyname(SN_idea_cbc); | 172 | EVP_get_cipherbyname(SN_idea_cbc); |
| 173 | #else | ||
| 174 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | ||
| 175 | #endif | ||
| 170 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 176 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 171 | EVP_get_cipherbyname(SN_aes_128_cbc); | 177 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 172 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 178 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |