From: Bodo Möller Date: Wed, 21 Mar 2007 14:18:27 +0000 (+0000) Subject: oops -- this should have been in 0.9.8e X-Git-Tag: FIPS_098_TEST_1~55^2~1 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d9e262443cc1cdc87d35ff860bbd13dd0eabc23e;p=oweals%2Fopenssl.git oops -- this should have been in 0.9.8e --- diff --git a/CHANGES b/CHANGES index 7d1194fe6e..92e6e3885a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,15 +4,13 @@ Changes between 0.9.8e and 0.9.8f [xx XXX xxxx] - *) - - Changes between 0.9.8d and 0.9.8e [23 Feb 2007] - *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. [Bodo Moeller] + Changes between 0.9.8d and 0.9.8e [23 Feb 2007] + *) Since AES128 and AES256 (and similarly Camellia128 and Camellia256) share a single mask bit in the logic of ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a diff --git a/ssl/ssl.h b/ssl/ssl.h index 2e067e7a78..b56b1c53a1 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -317,9 +317,9 @@ extern "C" { * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ #ifdef OPENSSL_NO_CAMELLIA -# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ #else -# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ #endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */