From 06777404d5d3c9d777364d633ff082f434d357d5 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 28 Aug 2017 16:37:04 +0000 Subject: Remove the original (pre-IETF) chacha20-poly1305 cipher suites. Support for the IETF standardised chacha20-poly1305 cipher suites was added 16 months ago, which means they exist in both of the currently supported OpenBSD releases. Also prompted by Andreas Bartelt . ok beck@ doug@ --- src/lib/libssl/s3_lib.c | 53 +------------------------------------------------ 1 file changed, 1 insertion(+), 52 deletions(-) (limited to 'src/lib/libssl/s3_lib.c') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index acbe30d804..bbf0444c21 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.158 2017/08/12 21:03:08 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.159 2017/08/28 16:37:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1299,57 +1299,6 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher CC13 */ - { - .valid = 1, - .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD, - .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CHACHA20POLY1305_OLD, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher CC14 */ - { - .valid = 1, - .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD, - .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD, - .algorithm_mkey = SSL_kECDHE, - .algorithm_auth = SSL_aECDSA, - .algorithm_enc = SSL_CHACHA20POLY1305_OLD, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), - .strength_bits = 256, - .alg_bits = 256, - }, - - /* Cipher CC15 */ - { - .valid = 1, - .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD, - .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD, - .algorithm_mkey = SSL_kDHE, - .algorithm_auth = SSL_aRSA, - .algorithm_enc = SSL_CHACHA20POLY1305_OLD, - .algorithm_mac = SSL_AEAD, - .algorithm_ssl = SSL_TLSV1_2, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| - SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), - .strength_bits = 256, - .alg_bits = 256, - }, - /* Cipher CCA8 */ { .valid = 1, -- cgit v1.2.3-55-g6feb