diff options
author | Matt Caswell <matt@openssl.org> | 2015-09-29 11:14:35 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-30 19:15:06 +0100 |
commit | c84f7f4a7405d69be4227d4766290b0950122b3c (patch) | |
tree | 3ae21ee691960e88e3291d10eef5d9540f70b992 /CHANGES | |
parent | 8eed3289b21d25583ed44742db43a2d727b79643 (diff) | |
download | openssl-c84f7f4a7405d69be4227d4766290b0950122b3c.tar.gz |
Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.
Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -4,6 +4,12 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although + in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also + an EXPORT one. COMPLEMENTOFDEFAULT has been updated accordingly to add + DES and RC4 ciphersuites. + [Matt Caswell] + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, though the change is mostly in the more lenient direction, and |