diff options
| author | jsing <> | 2017-05-07 21:05:05 +0000 |
|---|---|---|
| committer | jsing <> | 2017-05-07 21:05:05 +0000 |
| commit | bd476af11cf7a471c351acc33081eb901c9f68d5 (patch) | |
| tree | 2fc21f4848ae2e1aa7e8d4072706bfc14738256f /src | |
| parent | ad1b182fb82eec32f3f5d1da1c2da2e628439d02 (diff) | |
| download | openbsd-bd476af11cf7a471c351acc33081eb901c9f68d5.tar.gz openbsd-bd476af11cf7a471c351acc33081eb901c9f68d5.tar.bz2 openbsd-bd476af11cf7a471c351acc33081eb901c9f68d5.zip | |
Drop cipher suites with DSS authentication - there is no good reason to
keep these around.
ok beck@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 198 |
1 files changed, 1 insertions, 197 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 697ac6c7c5..98d7c69721 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.143 2017/05/07 04:22:24 beck Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.144 2017/05/07 21:05:05 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -273,38 +273,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 273 | * Ephemeral DH (DHE) ciphers. | 273 | * Ephemeral DH (DHE) ciphers. |
| 274 | */ | 274 | */ |
| 275 | 275 | ||
| 276 | /* Cipher 12 */ | ||
| 277 | { | ||
| 278 | .valid = 1, | ||
| 279 | .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | ||
| 280 | .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | ||
| 281 | .algorithm_mkey = SSL_kDHE, | ||
| 282 | .algorithm_auth = SSL_aDSS, | ||
| 283 | .algorithm_enc = SSL_DES, | ||
| 284 | .algorithm_mac = SSL_SHA1, | ||
| 285 | .algorithm_ssl = SSL_SSLV3, | ||
| 286 | .algo_strength = SSL_LOW, | ||
| 287 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 288 | .strength_bits = 56, | ||
| 289 | .alg_bits = 56, | ||
| 290 | }, | ||
| 291 | |||
| 292 | /* Cipher 13 */ | ||
| 293 | { | ||
| 294 | .valid = 1, | ||
| 295 | .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | ||
| 296 | .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | ||
| 297 | .algorithm_mkey = SSL_kDHE, | ||
| 298 | .algorithm_auth = SSL_aDSS, | ||
| 299 | .algorithm_enc = SSL_3DES, | ||
| 300 | .algorithm_mac = SSL_SHA1, | ||
| 301 | .algorithm_ssl = SSL_SSLV3, | ||
| 302 | .algo_strength = SSL_MEDIUM, | ||
| 303 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 304 | .strength_bits = 112, | ||
| 305 | .alg_bits = 168, | ||
| 306 | }, | ||
| 307 | |||
| 308 | /* Cipher 15 */ | 276 | /* Cipher 15 */ |
| 309 | { | 277 | { |
| 310 | .valid = 1, | 278 | .valid = 1, |
| @@ -405,22 +373,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 405 | .alg_bits = 128, | 373 | .alg_bits = 128, |
| 406 | }, | 374 | }, |
| 407 | 375 | ||
| 408 | /* Cipher 32 */ | ||
| 409 | { | ||
| 410 | .valid = 1, | ||
| 411 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | ||
| 412 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | ||
| 413 | .algorithm_mkey = SSL_kDHE, | ||
| 414 | .algorithm_auth = SSL_aDSS, | ||
| 415 | .algorithm_enc = SSL_AES128, | ||
| 416 | .algorithm_mac = SSL_SHA1, | ||
| 417 | .algorithm_ssl = SSL_TLSV1, | ||
| 418 | .algo_strength = SSL_HIGH, | ||
| 419 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 420 | .strength_bits = 128, | ||
| 421 | .alg_bits = 128, | ||
| 422 | }, | ||
| 423 | |||
| 424 | /* Cipher 33 */ | 376 | /* Cipher 33 */ |
| 425 | { | 377 | { |
| 426 | .valid = 1, | 378 | .valid = 1, |
| @@ -469,22 +421,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 469 | .alg_bits = 256, | 421 | .alg_bits = 256, |
| 470 | }, | 422 | }, |
| 471 | 423 | ||
| 472 | /* Cipher 38 */ | ||
| 473 | { | ||
| 474 | .valid = 1, | ||
| 475 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | ||
| 476 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | ||
| 477 | .algorithm_mkey = SSL_kDHE, | ||
| 478 | .algorithm_auth = SSL_aDSS, | ||
| 479 | .algorithm_enc = SSL_AES256, | ||
| 480 | .algorithm_mac = SSL_SHA1, | ||
| 481 | .algorithm_ssl = SSL_TLSV1, | ||
| 482 | .algo_strength = SSL_HIGH, | ||
| 483 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 484 | .strength_bits = 256, | ||
| 485 | .alg_bits = 256, | ||
| 486 | }, | ||
| 487 | |||
| 488 | /* Cipher 39 */ | 424 | /* Cipher 39 */ |
| 489 | { | 425 | { |
| 490 | .valid = 1, | 426 | .valid = 1, |
| @@ -566,22 +502,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 566 | .alg_bits = 256, | 502 | .alg_bits = 256, |
| 567 | }, | 503 | }, |
| 568 | 504 | ||
| 569 | /* Cipher 40 */ | ||
| 570 | { | ||
| 571 | .valid = 1, | ||
| 572 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, | ||
| 573 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, | ||
| 574 | .algorithm_mkey = SSL_kDHE, | ||
| 575 | .algorithm_auth = SSL_aDSS, | ||
| 576 | .algorithm_enc = SSL_AES128, | ||
| 577 | .algorithm_mac = SSL_SHA256, | ||
| 578 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 579 | .algo_strength = SSL_HIGH, | ||
| 580 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 581 | .strength_bits = 128, | ||
| 582 | .alg_bits = 128, | ||
| 583 | }, | ||
| 584 | |||
| 585 | #ifndef OPENSSL_NO_CAMELLIA | 505 | #ifndef OPENSSL_NO_CAMELLIA |
| 586 | /* Camellia ciphersuites from RFC4132 (128-bit portion) */ | 506 | /* Camellia ciphersuites from RFC4132 (128-bit portion) */ |
| 587 | 507 | ||
| @@ -601,22 +521,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 601 | .alg_bits = 128, | 521 | .alg_bits = 128, |
| 602 | }, | 522 | }, |
| 603 | 523 | ||
| 604 | /* Cipher 44 */ | ||
| 605 | { | ||
| 606 | .valid = 1, | ||
| 607 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 608 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 609 | .algorithm_mkey = SSL_kDHE, | ||
| 610 | .algorithm_auth = SSL_aDSS, | ||
| 611 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 612 | .algorithm_mac = SSL_SHA1, | ||
| 613 | .algorithm_ssl = SSL_TLSV1, | ||
| 614 | .algo_strength = SSL_HIGH, | ||
| 615 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 616 | .strength_bits = 128, | ||
| 617 | .alg_bits = 128, | ||
| 618 | }, | ||
| 619 | |||
| 620 | /* Cipher 45 */ | 524 | /* Cipher 45 */ |
| 621 | { | 525 | { |
| 622 | .valid = 1, | 526 | .valid = 1, |
| @@ -667,22 +571,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 667 | .alg_bits = 128, | 571 | .alg_bits = 128, |
| 668 | }, | 572 | }, |
| 669 | 573 | ||
| 670 | /* Cipher 6A */ | ||
| 671 | { | ||
| 672 | .valid = 1, | ||
| 673 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, | ||
| 674 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, | ||
| 675 | .algorithm_mkey = SSL_kDHE, | ||
| 676 | .algorithm_auth = SSL_aDSS, | ||
| 677 | .algorithm_enc = SSL_AES256, | ||
| 678 | .algorithm_mac = SSL_SHA256, | ||
| 679 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 680 | .algo_strength = SSL_HIGH, | ||
| 681 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 682 | .strength_bits = 256, | ||
| 683 | .alg_bits = 256, | ||
| 684 | }, | ||
| 685 | |||
| 686 | /* Cipher 6B */ | 574 | /* Cipher 6B */ |
| 687 | { | 575 | { |
| 688 | .valid = 1, | 576 | .valid = 1, |
| @@ -785,22 +673,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 785 | .alg_bits = 256, | 673 | .alg_bits = 256, |
| 786 | }, | 674 | }, |
| 787 | 675 | ||
| 788 | /* Cipher 87 */ | ||
| 789 | { | ||
| 790 | .valid = 1, | ||
| 791 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 792 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 793 | .algorithm_mkey = SSL_kDHE, | ||
| 794 | .algorithm_auth = SSL_aDSS, | ||
| 795 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 796 | .algorithm_mac = SSL_SHA1, | ||
| 797 | .algorithm_ssl = SSL_TLSV1, | ||
| 798 | .algo_strength = SSL_HIGH, | ||
| 799 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 800 | .strength_bits = 256, | ||
| 801 | .alg_bits = 256, | ||
| 802 | }, | ||
| 803 | |||
| 804 | /* Cipher 88 */ | 676 | /* Cipher 88 */ |
| 805 | { | 677 | { |
| 806 | .valid = 1, | 678 | .valid = 1, |
| @@ -910,42 +782,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 910 | .alg_bits = 256, | 782 | .alg_bits = 256, |
| 911 | }, | 783 | }, |
| 912 | 784 | ||
| 913 | /* Cipher A2 */ | ||
| 914 | { | ||
| 915 | .valid = 1, | ||
| 916 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, | ||
| 917 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, | ||
| 918 | .algorithm_mkey = SSL_kDHE, | ||
| 919 | .algorithm_auth = SSL_aDSS, | ||
| 920 | .algorithm_enc = SSL_AES128GCM, | ||
| 921 | .algorithm_mac = SSL_AEAD, | ||
| 922 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 923 | .algo_strength = SSL_HIGH, | ||
| 924 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 925 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 926 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 927 | .strength_bits = 128, | ||
| 928 | .alg_bits = 128, | ||
| 929 | }, | ||
| 930 | |||
| 931 | /* Cipher A3 */ | ||
| 932 | { | ||
| 933 | .valid = 1, | ||
| 934 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, | ||
| 935 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, | ||
| 936 | .algorithm_mkey = SSL_kDHE, | ||
| 937 | .algorithm_auth = SSL_aDSS, | ||
| 938 | .algorithm_enc = SSL_AES256GCM, | ||
| 939 | .algorithm_mac = SSL_AEAD, | ||
| 940 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 941 | .algo_strength = SSL_HIGH, | ||
| 942 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 943 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 944 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 945 | .strength_bits = 256, | ||
| 946 | .alg_bits = 256, | ||
| 947 | }, | ||
| 948 | |||
| 949 | /* Cipher A6 */ | 785 | /* Cipher A6 */ |
| 950 | { | 786 | { |
| 951 | .valid = 1, | 787 | .valid = 1, |
| @@ -1001,22 +837,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1001 | .alg_bits = 128, | 837 | .alg_bits = 128, |
| 1002 | }, | 838 | }, |
| 1003 | 839 | ||
| 1004 | /* Cipher BD */ | ||
| 1005 | { | ||
| 1006 | .valid = 1, | ||
| 1007 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1008 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1009 | .algorithm_mkey = SSL_kDHE, | ||
| 1010 | .algorithm_auth = SSL_aDSS, | ||
| 1011 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 1012 | .algorithm_mac = SSL_SHA256, | ||
| 1013 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1014 | .algo_strength = SSL_HIGH, | ||
| 1015 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1016 | .strength_bits = 128, | ||
| 1017 | .alg_bits = 128, | ||
| 1018 | }, | ||
| 1019 | |||
| 1020 | /* Cipher BE */ | 840 | /* Cipher BE */ |
| 1021 | { | 841 | { |
| 1022 | .valid = 1, | 842 | .valid = 1, |
| @@ -1065,22 +885,6 @@ SSL_CIPHER ssl3_ciphers[] = { | |||
| 1065 | .alg_bits = 256, | 885 | .alg_bits = 256, |
| 1066 | }, | 886 | }, |
| 1067 | 887 | ||
| 1068 | /* Cipher C3 */ | ||
| 1069 | { | ||
| 1070 | .valid = 1, | ||
| 1071 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1072 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1073 | .algorithm_mkey = SSL_kDHE, | ||
| 1074 | .algorithm_auth = SSL_aDSS, | ||
| 1075 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 1076 | .algorithm_mac = SSL_SHA256, | ||
| 1077 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1078 | .algo_strength = SSL_HIGH, | ||
| 1079 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1080 | .strength_bits = 256, | ||
| 1081 | .alg_bits = 256, | ||
| 1082 | }, | ||
| 1083 | |||
| 1084 | /* Cipher C4 */ | 888 | /* Cipher C4 */ |
| 1085 | { | 889 | { |
| 1086 | .valid = 1, | 890 | .valid = 1, |