|
 |
f27bc9 |
diff -up openssl-fips-0.9.8e/doc/apps/ciphers.pod.disable-sslv2 openssl-fips-0.9.8e/doc/apps/ciphers.pod
|
|
|
f27bc9 |
--- openssl-fips-0.9.8e/doc/apps/ciphers.pod.disable-sslv2 2007-04-25 15:15:50.000000000 +0200
|
|
|
f27bc9 |
+++ openssl-fips-0.9.8e/doc/apps/ciphers.pod 2016-02-24 15:49:57.949108087 +0100
|
|
|
f27bc9 |
@@ -383,11 +383,11 @@ Note: these ciphers can also be used in
|
|
|
f27bc9 |
=head2 SSL v2.0 cipher suites.
|
|
|
f27bc9 |
|
|
|
f27bc9 |
SSL_CK_RC4_128_WITH_MD5 RC4-MD5
|
|
|
f27bc9 |
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
|
|
|
f27bc9 |
- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
|
|
|
f27bc9 |
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
|
|
|
f27bc9 |
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented.
|
|
|
f27bc9 |
+ SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5
|
|
|
f27bc9 |
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented.
|
|
|
f27bc9 |
SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
|
|
|
f27bc9 |
- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
|
|
|
f27bc9 |
+ SSL_CK_DES_64_CBC_WITH_MD5 Not implemented.
|
|
|
f27bc9 |
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
|
|
|
f27bc9 |
|
|
|
f27bc9 |
=head1 NOTES
|
|
|
f27bc9 |
diff -up openssl-fips-0.9.8e/ssl/ssl_lib.c.disable-sslv2 openssl-fips-0.9.8e/ssl/ssl_lib.c
|
|
|
f27bc9 |
--- openssl-fips-0.9.8e/ssl/ssl_lib.c.disable-sslv2 2016-02-24 15:49:57.927107582 +0100
|
|
|
f27bc9 |
+++ openssl-fips-0.9.8e/ssl/ssl_lib.c 2016-02-24 15:49:57.948108064 +0100
|
|
|
f27bc9 |
@@ -1548,6 +1548,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
|
|
|
f27bc9 |
*/
|
|
|
f27bc9 |
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
|
|
|
f27bc9 |
|
|
|
f27bc9 |
+ ret->options |= SSL_OP_NO_SSLv2;
|
|
|
f27bc9 |
+
|
|
|
f27bc9 |
return(ret);
|
|
|
f27bc9 |
err:
|
|
|
f27bc9 |
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
|
|
|
f27bc9 |
diff -up openssl-fips-0.9.8e/ssl/s2_lib.c.disable-sslv2 openssl-fips-0.9.8e/ssl/s2_lib.c
|
|
|
f27bc9 |
--- openssl-fips-0.9.8e/ssl/s2_lib.c.disable-sslv2 2016-02-24 15:49:57.949108087 +0100
|
|
|
f27bc9 |
+++ openssl-fips-0.9.8e/ssl/s2_lib.c 2016-02-24 15:52:27.697544452 +0100
|
|
|
f27bc9 |
@@ -97,6 +97,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]
|
|
|
f27bc9 |
SSL_ALL_CIPHERS,
|
|
|
f27bc9 |
SSL_ALL_STRENGTHS,
|
|
|
f27bc9 |
},
|
|
|
f27bc9 |
+#if 0
|
|
|
f27bc9 |
/* RC4_128_EXPORT40_WITH_MD5 */
|
|
|
f27bc9 |
{
|
|
|
f27bc9 |
1,
|
|
|
f27bc9 |
@@ -110,6 +111,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]
|
|
|
f27bc9 |
SSL_ALL_CIPHERS,
|
|
|
f27bc9 |
SSL_ALL_STRENGTHS,
|
|
|
f27bc9 |
},
|
|
|
f27bc9 |
+#endif
|
|
|
f27bc9 |
/* RC2_128_CBC_WITH_MD5 */
|
|
|
f27bc9 |
{
|
|
|
f27bc9 |
1,
|
|
|
f27bc9 |
@@ -123,6 +125,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]
|
|
|
f27bc9 |
SSL_ALL_CIPHERS,
|
|
|
f27bc9 |
SSL_ALL_STRENGTHS,
|
|
|
f27bc9 |
},
|
|
|
f27bc9 |
+#if 0
|
|
|
f27bc9 |
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
|
|
|
f27bc9 |
{
|
|
|
f27bc9 |
1,
|
|
|
f27bc9 |
@@ -136,7 +139,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]
|
|
|
f27bc9 |
SSL_ALL_CIPHERS,
|
|
|
f27bc9 |
SSL_ALL_STRENGTHS,
|
|
|
f27bc9 |
},
|
|
|
f27bc9 |
-/* IDEA_128_CBC_WITH_MD5 */
|
|
|
f27bc9 |
+#endif
|
|
|
f27bc9 |
#ifndef OPENSSL_NO_IDEA
|
|
|
f27bc9 |
{
|
|
|
f27bc9 |
1,
|
|
|
f27bc9 |
@@ -151,6 +154,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]
|
|
|
f27bc9 |
SSL_ALL_STRENGTHS,
|
|
|
f27bc9 |
},
|
|
|
f27bc9 |
#endif
|
|
|
f27bc9 |
+#if 0
|
|
|
f27bc9 |
/* DES_64_CBC_WITH_MD5 */
|
|
|
f27bc9 |
{
|
|
|
f27bc9 |
1,
|
|
|
f27bc9 |
@@ -164,6 +168,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]
|
|
|
f27bc9 |
SSL_ALL_CIPHERS,
|
|
|
f27bc9 |
SSL_ALL_STRENGTHS,
|
|
|
f27bc9 |
},
|
|
|
f27bc9 |
+#endif
|
|
|
f27bc9 |
/* DES_192_EDE3_CBC_WITH_MD5 */
|
|
|
f27bc9 |
{
|
|
|
f27bc9 |
1,
|