diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2013-12-20 02:28:10 -0500 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-01-09 15:43:28 +0000 |
| commit | 4b5cce664c8c770dbac661286c5118cb54d1d9d6 (patch) | |
| tree | 50817b0a3e4fbbd32b7aac0d640ce40f0e58a32d | |
| parent | 889f39c70ffd2971de9bf076fa0c11bca49aa581 (diff) | |
| download | openssl-4b5cce664c8c770dbac661286c5118cb54d1d9d6.tar.gz | |
Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA
Replace the full ciphersuites with "EDH-" in their labels with "DHE-"
so that all DHE ciphersuites are referred to in the same way.
Leave backward-compatible aliases for the ciphersuites in question so
that configurations which specify these explicitly will continue
working.
| -rw-r--r-- | ssl/s3_lib.c | 12 | ||||
| -rw-r--r-- | ssl/ssl3.h | 11 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 15 |
3 files changed, 32 insertions, 6 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2f822bd6d1..5c8aa13142 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -428,7 +428,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 11 */ { 1, - SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, + SSL3_TXT_DHE_DSS_DES_40_CBC_SHA, SSL3_CK_DHE_DSS_DES_40_CBC_SHA, SSL_kDHE, SSL_aDSS, @@ -444,7 +444,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 12 */ { 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, + SSL3_TXT_DHE_DSS_DES_64_CBC_SHA, SSL3_CK_DHE_DSS_DES_64_CBC_SHA, SSL_kDHE, SSL_aDSS, @@ -460,7 +460,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 13 */ { 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, + SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA, SSL3_CK_DHE_DSS_DES_192_CBC3_SHA, SSL_kDHE, SSL_aDSS, @@ -476,7 +476,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 14 */ { 1, - SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, + SSL3_TXT_DHE_RSA_DES_40_CBC_SHA, SSL3_CK_DHE_RSA_DES_40_CBC_SHA, SSL_kDHE, SSL_aRSA, @@ -492,7 +492,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 15 */ { 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, + SSL3_TXT_DHE_RSA_DES_64_CBC_SHA, SSL3_CK_DHE_RSA_DES_64_CBC_SHA, SSL_kDHE, SSL_aRSA, @@ -508,7 +508,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 16 */ { 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, + SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, SSL3_CK_DHE_RSA_DES_192_CBC3_SHA, SSL_kDHE, SSL_aRSA, diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 17dd50c069..c94b3a4290 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -214,6 +214,17 @@ extern "C" { #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" +#define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA" +#define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA" +#define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA" +#define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA" +#define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA" + +/* This next block of six "EDH" labels is for backward compatibility + with older versions of OpenSSL. New code should use the six "DHE" + labels above instead: + */ #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 64764342af..1a2849a053 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -330,6 +330,21 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, /* FIPS 140-2 approved ciphersuite */ {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, + + /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */ + {0,SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,0, + SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,}, + {0,SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,0, + SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,}, + {0,SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,0, + SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,}, + {0,SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,0, + SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,}, + {0,SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,0, + SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,}, + {0,SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,0, + SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,}, + }; /* Search for public key algorithm with given name and * return its pkey_id if it is available. Otherwise return 0 |