From d9e262443cc1cdc87d35ff860bbd13dd0eabc23e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Wed, 21 Mar 2007 14:18:27 +0000
Subject: [PATCH] oops -- this should have been in 0.9.8e
---
 CHANGES | 6 ++----
 ssl/ssl.h | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index 7d1194fe6e..92e6e3885a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,15 +4,13 @@ Changes between 0.9.8e and 0.9.8f [xx XXX xxxx]
- *)
-
- Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
-
 *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. [Bodo Moeller]
+ Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
+
 *) Since AES128 and AES256 (and similarly Camellia128 and Camellia256) share a single mask bit in the logic of ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2e067e7a78..b56b1c53a1 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -317,9 +317,9 @@ extern "C" {
 * It also is substituted when an application-defined cipher list string
 * starts with 'DEFAULT'. */
 #ifdef OPENSSL_NO_CAMELLIA
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 #else
-# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 #endif
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-- 
2.25.1
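Review bot: The trailing comment on both new `SSL_DEFAULT_CIPHER_LIST` definitions in ssl/ssl.h still reads only `/* low priority for RC4 */`, so nothing next to the macro records why `!aNULL:!eNULL` is there or that `!` entries are permanent exclusions. The CHANGES entry gives the reason (a string such as "DEFAULT:RSA" must not enable authentication-only suites); I would state it at the macro, e.g. `/* !aNULL:!eNULL permanently drop unauthenticated and unencrypted suites, so "DEFAULT:..." cannot re-add them */`. The same exclusion tail is now duplicated in the `#ifdef OPENSSL_NO_CAMELLIA` and `#else` branches, so a later edit to one can silently miss the other; a shared suffix macro concatenated into both strings would keep them in step. `@STRENGTH` only reorders the list, so whether `ALL` still admits export-grade or low-strength suites should be checked separately, since it cannot be decided from this hunk. The comment block documenting the macro begins above the hunk.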