diff options
| author | doug <> | 2015-07-17 16:04:09 +0000 |
|---|---|---|
| committer | doug <> | 2015-07-17 16:04:09 +0000 |
| commit | 4cae62a20c61d269f5c320f29efdc944667583f2 (patch) | |
| tree | 47045cc504fa01475bd2cd69eeb37dd7db0c79ec /src | |
| parent | 1dfd1cf6c439ce0e41c7f3ac112e6531381c6af7 (diff) | |
| download | openbsd-4cae62a20c61d269f5c320f29efdc944667583f2.tar.gz openbsd-4cae62a20c61d269f5c320f29efdc944667583f2.tar.bz2 openbsd-4cae62a20c61d269f5c320f29efdc944667583f2.zip | |
Remove support for SSLv3 from openssl(1) ciphers.
ok miod@ bcook@
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/ciphers.c | 32 |
1 files changed, 5 insertions, 27 deletions
diff --git a/src/usr.bin/openssl/ciphers.c b/src/usr.bin/openssl/ciphers.c index c16a4a637b..fd9e839064 100644 --- a/src/usr.bin/openssl/ciphers.c +++ b/src/usr.bin/openssl/ciphers.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ciphers.c,v 1.4 2015/03/02 07:51:25 bcook Exp $ */ | 1 | /* $OpenBSD: ciphers.c,v 1.5 2015/07/17 16:04:09 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -24,7 +24,6 @@ | |||
| 24 | #include "apps.h" | 24 | #include "apps.h" |
| 25 | 25 | ||
| 26 | struct { | 26 | struct { |
| 27 | int ssl_version; | ||
| 28 | int usage; | 27 | int usage; |
| 29 | int verbose; | 28 | int verbose; |
| 30 | } ciphers_config; | 29 | } ciphers_config; |
| @@ -41,18 +40,9 @@ struct option ciphers_options[] = { | |||
| 41 | .opt.flag = &ciphers_config.usage, | 40 | .opt.flag = &ciphers_config.usage, |
| 42 | }, | 41 | }, |
| 43 | { | 42 | { |
| 44 | .name = "ssl3", | ||
| 45 | .desc = "Only include SSLv3 ciphers", | ||
| 46 | .type = OPTION_VALUE, | ||
| 47 | .opt.value = &ciphers_config.ssl_version, | ||
| 48 | .value = SSL3_VERSION, | ||
| 49 | }, | ||
| 50 | { | ||
| 51 | .name = "tls1", | 43 | .name = "tls1", |
| 52 | .desc = "Only include TLSv1 ciphers", | 44 | .desc = "This option is deprecated since it is the default", |
| 53 | .type = OPTION_VALUE, | 45 | .type = OPTION_DISCARD, |
| 54 | .opt.value = &ciphers_config.ssl_version, | ||
| 55 | .value = TLS1_VERSION, | ||
| 56 | }, | 46 | }, |
| 57 | { | 47 | { |
| 58 | .name = "v", | 48 | .name = "v", |
| @@ -74,7 +64,7 @@ struct option ciphers_options[] = { | |||
| 74 | static void | 64 | static void |
| 75 | ciphers_usage(void) | 65 | ciphers_usage(void) |
| 76 | { | 66 | { |
| 77 | fprintf(stderr, "usage: ciphers [-hVv] [-ssl3 | -tls1] [cipherlist]\n"); | 67 | fprintf(stderr, "usage: ciphers [-hVv] [-tls1] [cipherlist]\n"); |
| 78 | options_usage(ciphers_options); | 68 | options_usage(ciphers_options); |
| 79 | } | 69 | } |
| 80 | 70 | ||
| @@ -83,7 +73,6 @@ ciphers_main(int argc, char **argv) | |||
| 83 | { | 73 | { |
| 84 | char *cipherlist = NULL; | 74 | char *cipherlist = NULL; |
| 85 | STACK_OF(SSL_CIPHER) *ciphers; | 75 | STACK_OF(SSL_CIPHER) *ciphers; |
| 86 | const SSL_METHOD *ssl_method; | ||
| 87 | const SSL_CIPHER *cipher; | 76 | const SSL_CIPHER *cipher; |
| 88 | SSL_CTX *ssl_ctx = NULL; | 77 | SSL_CTX *ssl_ctx = NULL; |
| 89 | SSL *ssl = NULL; | 78 | SSL *ssl = NULL; |
| @@ -104,18 +93,7 @@ ciphers_main(int argc, char **argv) | |||
| 104 | return (1); | 93 | return (1); |
| 105 | } | 94 | } |
| 106 | 95 | ||
| 107 | switch (ciphers_config.ssl_version) { | 96 | if ((ssl_ctx = SSL_CTX_new(TLSv1_client_method())) == NULL) |
| 108 | case SSL3_VERSION: | ||
| 109 | ssl_method = SSLv3_client_method(); | ||
| 110 | break; | ||
| 111 | case TLS1_VERSION: | ||
| 112 | ssl_method = TLSv1_client_method(); | ||
| 113 | break; | ||
| 114 | default: | ||
| 115 | ssl_method = SSLv3_server_method(); | ||
| 116 | } | ||
| 117 | |||
| 118 | if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) | ||
| 119 | goto err; | 97 | goto err; |
| 120 | 98 | ||
| 121 | if (cipherlist != NULL) { | 99 | if (cipherlist != NULL) { |