From e843203f68c93a86a5676169443b79795cc060ba Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 6 Nov 2016 13:11:40 +0000 Subject: Adjust cipher suite strengths - move MD5 to LOW, RC4 to LOW and 3DES to MEDIUM. ok beck@ bcook@ --- src/lib/libssl/s3_lib.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 8a7a98507a..e66394a491 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.111 2016/11/06 12:08:32 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.112 2016/11/06 13:11:40 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -212,7 +212,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_RC4, .algorithm_mac = SSL_MD5, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_MEDIUM, + .algo_strength = SSL_LOW, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 128, .alg_bits = 128, @@ -228,7 +228,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_RC4, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_MEDIUM, + .algo_strength = SSL_LOW, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 128, .alg_bits = 128, @@ -260,7 +260,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_3DES, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, + .algo_strength = SSL_MEDIUM, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 112, .alg_bits = 168, @@ -296,7 +296,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_3DES, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, + .algo_strength = SSL_MEDIUM, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 112, .alg_bits = 168, @@ -328,7 +328,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_3DES, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, + .algo_strength = SSL_MEDIUM, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 112, .alg_bits = 168, @@ -344,7 +344,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_RC4, .algorithm_mac = SSL_MD5, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_MEDIUM, + .algo_strength = SSL_LOW, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 128, .alg_bits = 128, @@ -376,7 +376,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_3DES, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_SSLV3, - .algo_strength = SSL_HIGH, + .algo_strength = SSL_MEDIUM, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 112, .alg_bits = 168, @@ -1137,7 +1137,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_RC4, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_MEDIUM, + .algo_strength = SSL_LOW, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 128, .alg_bits = 128, @@ -1153,7 +1153,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_3DES, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, + .algo_strength = SSL_MEDIUM, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 112, .alg_bits = 168, @@ -1217,7 +1217,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_RC4, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_MEDIUM, + .algo_strength = SSL_LOW, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 128, .alg_bits = 128, @@ -1297,7 +1297,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_RC4, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_MEDIUM, + .algo_strength = SSL_LOW, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 128, .alg_bits = 128, @@ -1313,7 +1313,7 @@ SSL_CIPHER ssl3_ciphers[] = { .algorithm_enc = SSL_3DES, .algorithm_mac = SSL_SHA1, .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, + .algo_strength = SSL_MEDIUM, .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, .strength_bits = 112, .alg_bits = 168, -- cgit v1.2.3-55-g6feb