oops -- this should have been in 0.9.8e

diff --git a/CHANGES b/CHANGES
index 7d1194fe6e0a23e41bad0467045b2e844d650ef7..92e6e3885a94fd19cf5e76782ec12822bc60af67 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,15 +4,13 @@
 
  Changes between 0.9.8e and 0.9.8f  [xx XXX xxxx]
 
-  *)
-
- Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
-
   *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
      a ciphersuite string such as "DEFAULT:RSA" cannot enable
      authentication-only ciphersuites.
      [Bodo Moeller]
 
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
   *) Since AES128 and AES256 (and similarly Camellia128 and
      Camellia256) share a single mask bit in the logic of
      ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2e067e7a78e468909984ffc12c6eabd50b1e22d4..b56b1c53a1a2b89788b653b492af3981843159f2 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -317,9 +317,9 @@ extern "C" {
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
 #ifdef OPENSSL_NO_CAMELLIA
-# define SSL_DEFAULT_CIPHER_LIST       "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+# define SSL_DEFAULT_CIPHER_LIST       "ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 #else
-# define SSL_DEFAULT_CIPHER_LIST       "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+# define SSL_DEFAULT_CIPHER_LIST       "AES:CAMELLIA:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 #endif
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */