diff options
| author | jsing <> | 2014-07-08 22:09:01 +0000 |
|---|---|---|
| committer | jsing <> | 2014-07-08 22:09:01 +0000 |
| commit | c5c97cd459113ced2d886ac8b19c7d8740b78606 (patch) | |
| tree | 7367da9f1f4047c0875858fa17fc81e529bce74f /src | |
| parent | bef21e6eb35f2cef06c55b492f3b8b61800e472d (diff) | |
| download | openbsd-c5c97cd459113ced2d886ac8b19c7d8740b78606.tar.gz openbsd-c5c97cd459113ced2d886ac8b19c7d8740b78606.tar.bz2 openbsd-c5c97cd459113ced2d886ac8b19c7d8740b78606.zip | |
Mark the weakened 40-bit export ciphers as invalid - no one in their right
mind should be using them.
ok deraadt@ miod@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 18 |
2 files changed, 18 insertions, 18 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e1c18bd10d..f98094181d 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.64 2014/07/08 21:50:40 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.65 2014/07/08 22:09:01 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -204,7 +204,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 204 | 204 | ||
| 205 | /* Cipher 03 */ | 205 | /* Cipher 03 */ |
| 206 | { | 206 | { |
| 207 | .valid = 1, | 207 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 208 | .name = SSL3_TXT_RSA_RC4_40_MD5, | 208 | .name = SSL3_TXT_RSA_RC4_40_MD5, |
| 209 | .id = SSL3_CK_RSA_RC4_40_MD5, | 209 | .id = SSL3_CK_RSA_RC4_40_MD5, |
| 210 | .algorithm_mkey = SSL_kRSA, | 210 | .algorithm_mkey = SSL_kRSA, |
| @@ -252,7 +252,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 252 | 252 | ||
| 253 | /* Cipher 06 */ | 253 | /* Cipher 06 */ |
| 254 | { | 254 | { |
| 255 | .valid = 1, | 255 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 256 | .name = SSL3_TXT_RSA_RC2_40_MD5, | 256 | .name = SSL3_TXT_RSA_RC2_40_MD5, |
| 257 | .id = SSL3_CK_RSA_RC2_40_MD5, | 257 | .id = SSL3_CK_RSA_RC2_40_MD5, |
| 258 | .algorithm_mkey = SSL_kRSA, | 258 | .algorithm_mkey = SSL_kRSA, |
| @@ -286,7 +286,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 286 | 286 | ||
| 287 | /* Cipher 08 */ | 287 | /* Cipher 08 */ |
| 288 | { | 288 | { |
| 289 | .valid = 1, | 289 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 290 | .name = SSL3_TXT_RSA_DES_40_CBC_SHA, | 290 | .name = SSL3_TXT_RSA_DES_40_CBC_SHA, |
| 291 | .id = SSL3_CK_RSA_DES_40_CBC_SHA, | 291 | .id = SSL3_CK_RSA_DES_40_CBC_SHA, |
| 292 | .algorithm_mkey = SSL_kRSA, | 292 | .algorithm_mkey = SSL_kRSA, |
| @@ -335,7 +335,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 335 | /* The DH ciphers */ | 335 | /* The DH ciphers */ |
| 336 | /* Cipher 0B */ | 336 | /* Cipher 0B */ |
| 337 | { | 337 | { |
| 338 | .valid = 0, | 338 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 339 | .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | 339 | .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, |
| 340 | .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, | 340 | .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, |
| 341 | .algorithm_mkey = SSL_kDHd, | 341 | .algorithm_mkey = SSL_kDHd, |
| @@ -432,7 +432,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 432 | /* The Ephemeral DH ciphers */ | 432 | /* The Ephemeral DH ciphers */ |
| 433 | /* Cipher 11 */ | 433 | /* Cipher 11 */ |
| 434 | { | 434 | { |
| 435 | .valid = 1, | 435 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 436 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 436 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 437 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 437 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 438 | .algorithm_mkey = SSL_kEDH, | 438 | .algorithm_mkey = SSL_kEDH, |
| @@ -480,7 +480,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 480 | 480 | ||
| 481 | /* Cipher 14 */ | 481 | /* Cipher 14 */ |
| 482 | { | 482 | { |
| 483 | .valid = 1, | 483 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 484 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 484 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 485 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 485 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 486 | .algorithm_mkey = SSL_kEDH, | 486 | .algorithm_mkey = SSL_kEDH, |
| @@ -528,7 +528,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 528 | 528 | ||
| 529 | /* Cipher 17 */ | 529 | /* Cipher 17 */ |
| 530 | { | 530 | { |
| 531 | .valid = 1, | 531 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 532 | .name = SSL3_TXT_ADH_RC4_40_MD5, | 532 | .name = SSL3_TXT_ADH_RC4_40_MD5, |
| 533 | .id = SSL3_CK_ADH_RC4_40_MD5, | 533 | .id = SSL3_CK_ADH_RC4_40_MD5, |
| 534 | .algorithm_mkey = SSL_kEDH, | 534 | .algorithm_mkey = SSL_kEDH, |
| @@ -560,7 +560,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 560 | 560 | ||
| 561 | /* Cipher 19 */ | 561 | /* Cipher 19 */ |
| 562 | { | 562 | { |
| 563 | .valid = 1, | 563 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 564 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, | 564 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, |
| 565 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, | 565 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, |
| 566 | .algorithm_mkey = SSL_kEDH, | 566 | .algorithm_mkey = SSL_kEDH, |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index e1c18bd10d..f98094181d 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.64 2014/07/08 21:50:40 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.65 2014/07/08 22:09:01 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -204,7 +204,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 204 | 204 | ||
| 205 | /* Cipher 03 */ | 205 | /* Cipher 03 */ |
| 206 | { | 206 | { |
| 207 | .valid = 1, | 207 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 208 | .name = SSL3_TXT_RSA_RC4_40_MD5, | 208 | .name = SSL3_TXT_RSA_RC4_40_MD5, |
| 209 | .id = SSL3_CK_RSA_RC4_40_MD5, | 209 | .id = SSL3_CK_RSA_RC4_40_MD5, |
| 210 | .algorithm_mkey = SSL_kRSA, | 210 | .algorithm_mkey = SSL_kRSA, |
| @@ -252,7 +252,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 252 | 252 | ||
| 253 | /* Cipher 06 */ | 253 | /* Cipher 06 */ |
| 254 | { | 254 | { |
| 255 | .valid = 1, | 255 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 256 | .name = SSL3_TXT_RSA_RC2_40_MD5, | 256 | .name = SSL3_TXT_RSA_RC2_40_MD5, |
| 257 | .id = SSL3_CK_RSA_RC2_40_MD5, | 257 | .id = SSL3_CK_RSA_RC2_40_MD5, |
| 258 | .algorithm_mkey = SSL_kRSA, | 258 | .algorithm_mkey = SSL_kRSA, |
| @@ -286,7 +286,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 286 | 286 | ||
| 287 | /* Cipher 08 */ | 287 | /* Cipher 08 */ |
| 288 | { | 288 | { |
| 289 | .valid = 1, | 289 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 290 | .name = SSL3_TXT_RSA_DES_40_CBC_SHA, | 290 | .name = SSL3_TXT_RSA_DES_40_CBC_SHA, |
| 291 | .id = SSL3_CK_RSA_DES_40_CBC_SHA, | 291 | .id = SSL3_CK_RSA_DES_40_CBC_SHA, |
| 292 | .algorithm_mkey = SSL_kRSA, | 292 | .algorithm_mkey = SSL_kRSA, |
| @@ -335,7 +335,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 335 | /* The DH ciphers */ | 335 | /* The DH ciphers */ |
| 336 | /* Cipher 0B */ | 336 | /* Cipher 0B */ |
| 337 | { | 337 | { |
| 338 | .valid = 0, | 338 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 339 | .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | 339 | .name = SSL3_TXT_DH_DSS_DES_40_CBC_SHA, |
| 340 | .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, | 340 | .id = SSL3_CK_DH_DSS_DES_40_CBC_SHA, |
| 341 | .algorithm_mkey = SSL_kDHd, | 341 | .algorithm_mkey = SSL_kDHd, |
| @@ -432,7 +432,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 432 | /* The Ephemeral DH ciphers */ | 432 | /* The Ephemeral DH ciphers */ |
| 433 | /* Cipher 11 */ | 433 | /* Cipher 11 */ |
| 434 | { | 434 | { |
| 435 | .valid = 1, | 435 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 436 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 436 | .name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 437 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 437 | .id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 438 | .algorithm_mkey = SSL_kEDH, | 438 | .algorithm_mkey = SSL_kEDH, |
| @@ -480,7 +480,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 480 | 480 | ||
| 481 | /* Cipher 14 */ | 481 | /* Cipher 14 */ |
| 482 | { | 482 | { |
| 483 | .valid = 1, | 483 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 484 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 484 | .name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 485 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 485 | .id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 486 | .algorithm_mkey = SSL_kEDH, | 486 | .algorithm_mkey = SSL_kEDH, |
| @@ -528,7 +528,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 528 | 528 | ||
| 529 | /* Cipher 17 */ | 529 | /* Cipher 17 */ |
| 530 | { | 530 | { |
| 531 | .valid = 1, | 531 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 532 | .name = SSL3_TXT_ADH_RC4_40_MD5, | 532 | .name = SSL3_TXT_ADH_RC4_40_MD5, |
| 533 | .id = SSL3_CK_ADH_RC4_40_MD5, | 533 | .id = SSL3_CK_ADH_RC4_40_MD5, |
| 534 | .algorithm_mkey = SSL_kEDH, | 534 | .algorithm_mkey = SSL_kEDH, |
| @@ -560,7 +560,7 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 560 | 560 | ||
| 561 | /* Cipher 19 */ | 561 | /* Cipher 19 */ |
| 562 | { | 562 | { |
| 563 | .valid = 1, | 563 | .valid = 0, /* Weakened 40-bit export cipher. */ |
| 564 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, | 564 | .name = SSL3_TXT_ADH_DES_40_CBC_SHA, |
| 565 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, | 565 | .id = SSL3_CK_ADH_DES_40_CBC_SHA, |
| 566 | .algorithm_mkey = SSL_kEDH, | 566 | .algorithm_mkey = SSL_kEDH, |