From 56f1acf5ef8a432992497a04792ff4b3b2c6f286 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Wed, 17 Feb 2016 21:37:15 -0500 Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak ciphers. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Mitigation for CVE-2016-0800 Reviewed-by: Emilia Käsper Signed-off-by: Mark Hatle --- CHANGES | 17 +++++++++++++++++ Configure | 3 ++- NEWS | 2 +- ssl/s2_lib.c | 6 ++++++ ssl/ssl_lib.c | 7 +++++++ 5 files changed, 33 insertions(+), 2 deletions(-) From a82cfd612b30258c7d720153298846727b06b046 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Wed, 17 Feb 2016 23:22:59 -0500 Subject: [PATCH] Bring SSL method documentation up to date MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Emilia Käsper Signed-off-by: Mark Hatle --- doc/apps/ciphers.pod | 29 ++++---- doc/apps/s_client.pod | 13 ++-- doc/apps/s_server.pod | 8 +-- doc/ssl/SSL_CTX_new.pod | 152 ++++++++++++++++++++++++++-------------- doc/ssl/SSL_CTX_set_options.pod | 10 +++ doc/ssl/ssl.pod | 77 +++++++++++++++----- 6 files changed, 193 insertions(+), 96 deletions(-) From abd5d8fbef7085499ba7785622da4e8288068f46 Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 19 Feb 2016 13:05:11 -0500 Subject: [PATCH] Disable EXPORT and LOW SSLv3+ ciphers by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Emilia Käsper Signed-off-by: Mark Hatle --- CHANGES | 5 +++++ Configure | 5 +++++ NEWS | 1 + doc/apps/ciphers.pod | 30 ++++++++++++++++++++--------- ssl/s3_lib.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 86 insertions(+), 9 deletions(-) Index: openssl-1.0.1e/Configure =================================================================== --- openssl-1.0.1e.orig/Configure +++ openssl-1.0.1e/Configure @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no- # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -781,9 +785,11 @@ my %disabled = ( # "what" => "co "md2" => "default", "rc5" => "default", "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", + "ssl2" => "default", "store" => "experimental", + "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); Index: openssl-1.0.1e/ssl/s2_lib.c =================================================================== --- openssl-1.0.1e.orig/ssl/s2_lib.c +++ openssl-1.0.1e/ssl/s2_lib.c @@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip 128, }, +#if 0 /* RC4_128_EXPORT40_WITH_MD5 */ { 1, @@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip 40, 128, }, +#endif /* RC2_128_CBC_WITH_MD5 */ { @@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip 128, }, +#if 0 /* RC2_128_CBC_EXPORT40_WITH_MD5 */ { 1, @@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip 40, 128, }, +#endif #ifndef OPENSSL_NO_IDEA /* IDEA_128_CBC_WITH_MD5 */ @@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip }, #endif +#if 0 /* DES_64_CBC_WITH_MD5 */ { 1, @@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip 56, 56, }, +#endif /* DES_192_EDE3_CBC_WITH_MD5 */ { Index: openssl-1.0.1e/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1e.orig/ssl/ssl_lib.c +++ openssl-1.0.1e/ssl/ssl_lib.c @@ -1906,6 +1906,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + /* + * Disable SSLv2 by default, callers that want to enable SSLv2 will have to + * explicitly clear this option via either of SSL_CTX_clear_options() or + * SSL_clear_options(). + */ + ret->options |= SSL_OP_NO_SSLv2; + return(ret); err: SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); Index: openssl-1.0.1e/doc/apps/ciphers.pod =================================================================== --- openssl-1.0.1e.orig/doc/apps/ciphers.pod +++ openssl-1.0.1e/doc/apps/ciphers.pod @@ -38,25 +38,21 @@ SSL v2 and for SSL v3/TLS v1. Like B<-V>, but include cipher suite codes in output (hex format). -=item B<-ssl3> +=item B<-ssl3>, B<-tls1> -only include SSL v3 ciphers. +This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. =item B<-ssl2> -only include SSL v2 ciphers. - -=item B<-tls1> - -only include TLS v1 ciphers. +Only include SSLv2 ciphers. =item B<-h>, B<-?> -print a brief usage message. +Print a brief usage message. =item B -a cipher list to convert to a cipher preference list. If it is not included +A cipher list to convert to a cipher preference list. If it is not included then the default cipher list will be used. The format is described below. =back @@ -109,9 +105,10 @@ The following is a list of all permitted =item B -the default cipher list. This is determined at compile time and, as of OpenSSL -1.0.0, is normally B. This must be the first cipher string -specified. +The default cipher list. +This is determined at compile time and is normally +B. +When used, this must be the first cipherstring specified. =item B @@ -139,34 +136,45 @@ than 128 bits, and some cipher suites wi =item B -"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms -but excluding export cipher suites. +Low strength encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B, B -export encryption algorithms. Including 40 and 56 bits algorithms. +Export strength encryption algorithms. Including 40 and 56 bits algorithms. +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B -40 bit export encryption algorithms +40-bit export encryption algorithms +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B -56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of +56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of 56 bit export ciphers is empty unless OpenSSL has been explicitly configured with support for experimental ciphers. +As of OpenSSL 1.0.1s, these are disabled in default builds. =item B, B -the "NULL" ciphers that is those offering no encryption. Because these offer no -encryption at all and are a security risk they are disabled unless explicitly -included. +The "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +B or B cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +B or B as these do overlap with the B ciphers. +When in doubt, include B in your cipherlist. =item B -the cipher suites offering no authentication. This is currently the anonymous -DH algorithms. These cipher suites are vulnerable to a "man in the middle" -attack and so their use is normally discouraged. +DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable +to a "man in the middle" attack and so their use is normally discouraged. +These are excluded from the B ciphers, but included in the B +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +B or B as these do overlap with the B ciphers. +When in doubt, include B in your cipherlist. =item B, B @@ -426,11 +434,11 @@ Note: these ciphers can also be used in =head2 SSL v2.0 cipher suites. SSL_CK_RC4_128_WITH_MD5 RC4-MD5 - SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 - SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 + SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. + SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5 + SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 - SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 + SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 =head1 NOTES Index: openssl-1.0.1e/doc/apps/s_client.pod =================================================================== --- openssl-1.0.1e.orig/doc/apps/s_client.pod +++ openssl-1.0.1e/doc/apps/s_client.pod @@ -181,13 +181,9 @@ given as a hexadecimal number without le =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -these options disable the use of certain SSL or TLS protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. - -Unfortunately there are still ancient and broken servers in use which -cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off. +These options require or disable the use of the specified SSL or TLS protocols. +By default the initial handshake uses a I method which will +negotiate the highest mutually supported protocol version. =item B<-fallback_scsv> Index: openssl-1.0.1e/doc/apps/s_server.pod =================================================================== --- openssl-1.0.1e.orig/doc/apps/s_server.pod +++ openssl-1.0.1e/doc/apps/s_server.pod @@ -201,11 +201,11 @@ Use the PSK key B when using a PSK given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -these options disable the use of certain SSL or TLS protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. +These options require or disable the use of the specified SSL or TLS protocols. +By default the initial handshake uses a I method which will +negotiate the highest mutually supported protocol version. =item B<-bugs> Index: openssl-1.0.1e/doc/ssl/SSL_CTX_new.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_new.pod +++ openssl-1.0.1e/doc/ssl/SSL_CTX_new.pod @@ -2,13 +2,47 @@ =head1 NAME -SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions +SSL_CTX_new, +SSLv23_method, SSLv23_server_method, SSLv23_client_method, +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, +TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, +TLSv1_method, TLSv1_server_method, TLSv1_client_method, +SSLv3_method, SSLv3_server_method, SSLv3_client_method, +SSLv2_method, SSLv2_server_method, SSLv2_client_method, +DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method - +create a new SSL_CTX object as framework for TLS/SSL enabled functions =head1 SYNOPSIS #include SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); + const SSL_METHOD *SSLv23_method(void); + const SSL_METHOD *SSLv23_server_method(void); + const SSL_METHOD *SSLv23_client_method(void); + const SSL_METHOD *TLSv1_2_method(void); + const SSL_METHOD *TLSv1_2_server_method(void); + const SSL_METHOD *TLSv1_2_client_method(void); + const SSL_METHOD *TLSv1_1_method(void); + const SSL_METHOD *TLSv1_1_server_method(void); + const SSL_METHOD *TLSv1_1_client_method(void); + const SSL_METHOD *TLSv1_method(void); + const SSL_METHOD *TLSv1_server_method(void); + const SSL_METHOD *TLSv1_client_method(void); + #ifndef OPENSSL_NO_SSL3_METHOD + const SSL_METHOD *SSLv3_method(void); + const SSL_METHOD *SSLv3_server_method(void); + const SSL_METHOD *SSLv3_client_method(void); + #endif + #ifndef OPENSSL_NO_SSL2 + const SSL_METHOD *SSLv2_method(void); + const SSL_METHOD *SSLv2_server_method(void); + const SSL_METHOD *SSLv2_client_method(void); + #endif + + const SSL_METHOD *DTLSv1_method(void); + const SSL_METHOD *DTLSv1_server_method(void); + const SSL_METHOD *DTLSv1_client_method(void); =head1 DESCRIPTION @@ -23,51 +57,80 @@ client only type. B can be of th =over 4 -=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) +=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method() -A TLS/SSL connection established with these methods will only understand -the SSLv2 protocol. A client will send out SSLv2 client hello messages -and will also indicate that it only understand SSLv2. A server will only -understand SSLv2 client hello messages. +These are the general-purpose I SSL/TLS methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. +Most applications should use these method, and avoid the version specific +methods described below. + +The list of protocols available can be further limited using the +B, B, B, +B and B options of the +L or L functions. +Clients should avoid creating "holes" in the set of protocols they support, +when disabling a protocol, make sure that you also disable either all previous +or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling I +previous protocol versions, the effect is to also disable all subsequent +protocol versions. + +The SSLv2 and SSLv3 protocols are deprecated and should generally not be used. +Applications should typically use L in combination with +the B flag to disable negotiation of SSLv3 via the above +I SSL/TLS methods. +The B option is set by default, and would need to be cleared +via L in order to enable negotiation of SSLv2. -=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) +=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method() A TLS/SSL connection established with these methods will only understand the -SSLv3 protocol. A client will send out SSLv3 client hello messages -and will indicate that it only understands SSLv3. A server will only understand -SSLv3 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). +TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and +will also indicate that it only understand TLSv1.2. A server will only +understand TLSv1.2 client hello messages. -=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) +=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method() A TLS/SSL connection established with these methods will only understand the -TLSv1 protocol. A client will send out TLSv1 client hello messages -and will indicate that it only understands TLSv1. A server will only understand -TLSv1 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). It will also not understand -SSLv3 client hello messages. - -=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) - -A TLS/SSL connection established with these methods will understand the SSLv2, -SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages -and will indicate that it also understands SSLv3 and TLSv1. A server will -understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best -choice when compatibility is a concern. +TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and +will also indicate that it only understand TLSv1.1. A server will only +understand TLSv1.1 client hello messages. + +=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method() + +A TLS/SSL connection established with these methods will only understand the +TLSv1 protocol. A client will send out TLSv1 client hello messages and will +indicate that it only understands TLSv1. A server will only understand TLSv1 +client hello messages. + +=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method() + +A TLS/SSL connection established with these methods will only understand the +SSLv3 protocol. A client will send out SSLv3 client hello messages and will +indicate that it only understands SSLv3. A server will only understand SSLv3 +client hello messages. The SSLv3 protocol is deprecated and should not be +used. + +=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method() + +A TLS/SSL connection established with these methods will only understand the +SSLv2 protocol. A client will send out SSLv2 client hello messages and will +also indicate that it only understand SSLv2. A server will only understand +SSLv2 client hello messages. The SSLv2 protocol offers little to no security +and should not be used. +As of OpenSSL 1.0.1s, EXPORT ciphers and 56-bit DES are no longer available +with SSLv2. + +=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method() + +These are the version-specific methods for DTLSv1. =back -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, -SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B or -B functions. Using these options it is possible to choose -e.g. SSLv23_server_method() and be able to negotiate with all possible -clients, but to only allow newer protocols like SSLv3 or TLSv1. - -SSL_CTX_new() initializes the list of ciphers, the session cache setting, -the callbacks, the keys and certificates, and the options to its default -values. +SSL_CTX_new() initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to its default values. =head1 RETURN VALUES @@ -77,8 +140,8 @@ The following return values can occur: =item NULL -The creation of a new SSL_CTX object failed. Check the error stack to -find out the reason. +The creation of a new SSL_CTX object failed. Check the error stack to find out +the reason. =item Pointer to an SSL_CTX object @@ -88,6 +151,7 @@ The return value points to an allocated =head1 SEE ALSO +L, L, L, L, L, L, L Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_options.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_options.pod +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_options.pod @@ -182,15 +182,25 @@ browser has a cert, it will crash/hang. =item SSL_OP_NO_SSLv2 Do not use the SSLv2 protocol. +As of OpenSSL 1.0.1s the B option is set by default. =item SSL_OP_NO_SSLv3 Do not use the SSLv3 protocol. +It is recommended that applications should set this option. =item SSL_OP_NO_TLSv1 Do not use the TLSv1 protocol. +=item SSL_OP_NO_TLSv1_1 + +Do not use the TLSv1.1 protocol. + +=item SSL_OP_NO_TLSv1_2 + +Do not use the TLSv1.2 protocol. + =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION When performing renegotiation as a server, always start a new session Index: openssl-1.0.1e/doc/ssl/ssl.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/ssl.pod +++ openssl-1.0.1e/doc/ssl/ssl.pod @@ -130,41 +130,86 @@ protocol methods defined in B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. +Constructor for the I SSL_METHOD structure for +clients, servers or both. +See L for details. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. +Constructor for the I SSL_METHOD structure for +clients. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv2 SSL_METHOD structure for combined client and server. +Constructor for the I SSL_METHOD structure for +servers. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. +Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers +or both. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. +Constructor for the TLSv1.2 SSL_METHOD structure for clients. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1.2 SSL_METHOD structure for servers. + +=item const SSL_METHOD *B(void); -Constructor for the SSLv3 SSL_METHOD structure for combined client and server. +Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers +or both. + +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1.1 SSL_METHOD structure for clients. + +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1.1 SSL_METHOD structure for servers. + +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1 SSL_METHOD structure for clients, servers +or both. =item const SSL_METHOD *B(void); -Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. +Constructor for the TLSv1 SSL_METHOD structure for clients. =item const SSL_METHOD *B(void); -Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. +Constructor for the TLSv1 SSL_METHOD structure for servers. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); + +Constructor for the SSLv3 SSL_METHOD structure for clients, servers +or both. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv3 SSL_METHOD structure for clients. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv3 SSL_METHOD structure for servers. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv2 SSL_METHOD structure for clients, servers +or both. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv2 SSL_METHOD structure for clients. + +=item const SSL_METHOD *B(void); -Constructor for the TLSv1 SSL_METHOD structure for combined client and server. +Constructor for the SSLv2 SSL_METHOD structure for servers. =back Index: openssl-1.0.1e/ssl/s3_lib.c =================================================================== --- openssl-1.0.1e.orig/ssl/s3_lib.c +++ openssl-1.0.1e/ssl/s3_lib.c @@ -203,6 +203,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 03 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC4_40_MD5, @@ -217,6 +218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +#endif /* Cipher 04 */ { @@ -251,6 +253,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 06 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC2_40_MD5, @@ -265,6 +268,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +#endif /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA @@ -285,6 +289,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] #endif /* Cipher 08 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_40_CBC_SHA, @@ -299,8 +304,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +#endif /* Cipher 09 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_64_CBC_SHA, @@ -315,6 +322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 0A */ { @@ -334,6 +342,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] /* The DH ciphers */ /* Cipher 0B */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, @@ -348,8 +357,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +#endif /* Cipher 0C */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_DSS_DES_64_CBC_SHA, @@ -364,6 +375,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 0D */ { @@ -382,6 +394,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 0E */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_40_CBC_SHA, @@ -396,8 +409,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +#endif /* Cipher 0F */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, /* not implemented (non-ephemeral DH) */ SSL3_TXT_DH_RSA_DES_64_CBC_SHA, @@ -412,6 +427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 10 */ { @@ -431,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] /* The Ephemeral DH ciphers */ /* Cipher 11 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, @@ -445,8 +462,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +#endif /* Cipher 12 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, @@ -461,6 +480,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 13 */ { @@ -479,6 +499,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 14 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, @@ -493,8 +514,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +#endif /* Cipher 15 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, @@ -509,6 +532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 16 */ { @@ -527,6 +551,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 17 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_RC4_40_MD5, @@ -541,6 +566,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +#endif /* Cipher 18 */ { @@ -559,6 +585,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 19 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, @@ -573,8 +600,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +#endif /* Cipher 1A */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_DES_64_CBC_SHA, @@ -589,6 +618,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 1B */ { @@ -660,6 +690,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] #ifndef OPENSSL_NO_KRB5 /* The Kerberos ciphers*/ /* Cipher 1E */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_64_CBC_SHA, @@ -674,6 +705,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +# endif /* Cipher 1F */ { @@ -724,6 +756,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 22 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, @@ -738,6 +771,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +# endif /* Cipher 23 */ { @@ -788,6 +822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] }, /* Cipher 26 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_40_CBC_SHA, @@ -802,8 +837,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +# endif /* Cipher 27 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC2_40_CBC_SHA, @@ -818,8 +855,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +# endif /* Cipher 28 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC4_40_SHA, @@ -834,8 +873,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +# endif /* Cipher 29 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_40_CBC_MD5, @@ -850,8 +891,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 56, }, +# endif /* Cipher 2A */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC2_40_CBC_MD5, @@ -866,8 +909,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +# endif /* Cipher 2B */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC4_40_MD5, @@ -882,6 +927,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 40, 128, }, +# endif #endif /* OPENSSL_NO_KRB5 */ /* New AES ciphersuites */ @@ -1305,6 +1351,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] #endif /* Cipher 62 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, @@ -1319,8 +1366,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +#endif /* Cipher 63 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, @@ -1335,8 +1384,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 56, }, +# endif /* Cipher 64 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, @@ -1351,8 +1402,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 128, }, +# endif /* Cipher 65 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, @@ -1367,6 +1420,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 56, 128, }, +# endif /* Cipher 66 */ {