From: Kurt Roeckx Date: Sun, 7 Feb 2016 19:20:01 +0000 (+0100) Subject: IDEA is not supported in TLS 1.2 X-Git-Tag: OpenSSL_1_1_0-pre4~117 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d7a474264b4bc9c8ae87c897fe4c5803f97b5f8d;p=oweals%2Fopenssl.git IDEA is not supported in TLS 1.2 This currently seems to be the only cipher we still support that should get disabled. Reviewed-by: Viktor Dukhovni MR: #1595 --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 093ff09e8f..c779ea76c3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -242,8 +242,8 @@ static const SSL_CIPHER ssl3_ciphers[] = { SSL_aRSA, SSL_IDEA, SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + SSL3_VERSION, TLS1_1_VERSION, + DTLS1_VERSION, DTLS1_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128,