Disable SSLv2 default build, default negotiation and weak ciphers.

[oweals/openssl.git] / ssl / s2_lib.c

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index f8a943930369b4d84754f74d85e343ab577d3478..a8036b357f0e9341d0ab914f0a79d572f4398a6e 100644 (file)
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
      128,
      },
 
+# if 0
 /* RC4_128_EXPORT40_WITH_MD5 */
     {
      1,
@@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
      40,
      128,
      },
+# endif
 
 /* RC2_128_CBC_WITH_MD5 */
     {
@@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
      128,
      },
 
+# if 0
 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
     {
      1,
@@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
      40,
      128,
      },
+# endif
 
 # ifndef OPENSSL_NO_IDEA
 /* IDEA_128_CBC_WITH_MD5 */
@@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
      },
 # endif
 
+# if 0
 /* DES_64_CBC_WITH_MD5 */
     {
      1,
@@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
      56,
      56,
      },
+# endif
 
 /* DES_192_EDE3_CBC_WITH_MD5 */
     {
@@ -493,7 +499,7 @@ int ssl2_generate_key_material(SSL *s)
 
         OPENSSL_assert(s->session->master_key_length >= 0
                        && s->session->master_key_length
-                       < (int)sizeof(s->session->master_key));
+                       <= (int)sizeof(s->session->master_key));
         EVP_DigestUpdate(&ctx, s->session->master_key,
                          s->session->master_key_length);
         EVP_DigestUpdate(&ctx, &c, 1);