diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 10c6db6..b6af408 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -373,6 +373,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #endif /* Cipher 0D */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, @@ -387,6 +388,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#endif /* Cipher 0E */ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS @@ -425,6 +427,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #endif /* Cipher 10 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, @@ -439,6 +442,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#endif /* The Ephemeral DH ciphers */ /* Cipher 11 */ @@ -942,6 +946,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, }, /* Cipher 30 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_AES_128_SHA, @@ -956,7 +961,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +# endif /* Cipher 31 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_AES_128_SHA, @@ -971,6 +978,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +# endif /* Cipher 32 */ { 1, @@ -1033,6 +1041,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, }, /* Cipher 36 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_AES_256_SHA, @@ -1047,8 +1056,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +# endif /* Cipher 37 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_AES_256_SHA, @@ -1063,6 +1074,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +# endif /* Cipher 38 */ { @@ -1162,6 +1174,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 3E */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, @@ -1176,8 +1189,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +# endif /* Cipher 3F */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, @@ -1192,6 +1207,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +# endif /* Cipher 40 */ { @@ -1229,6 +1245,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 42 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, @@ -1243,8 +1260,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +# endif /* Cipher 43 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, @@ -1259,6 +1278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +# endif /* Cipher 44 */ { @@ -1452,6 +1472,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 68 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, @@ -1466,8 +1487,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher 69 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, @@ -1482,6 +1505,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher 6A */ { @@ -1621,6 +1645,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, }, /* Cipher 85 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, @@ -1635,8 +1660,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher 86 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, @@ -1651,6 +1678,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher 87 */ { @@ -1787,6 +1815,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 97 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_SEED_SHA, @@ -1801,8 +1830,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 98 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_SEED_SHA, @@ -1817,6 +1848,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher 99 */ { @@ -1935,6 +1967,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher A0 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, @@ -1949,8 +1982,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher A1 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, @@ -1965,6 +2000,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher A2 */ { @@ -1999,6 +2035,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher A4 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, @@ -2013,8 +2050,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher A5 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, @@ -2029,6 +2068,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher A6 */ { @@ -2079,6 +2119,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, @@ -2093,8 +2134,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +#endif /* Cipher C002 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, @@ -2109,8 +2152,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C003 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, @@ -2125,8 +2170,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#endif /* Cipher C004 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, @@ -2141,8 +2188,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C005 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, @@ -2157,6 +2206,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher C006 */ { @@ -2239,6 +2289,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C00B */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, @@ -2253,8 +2304,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 0, 0, }, +#endif /* Cipher C00C */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, @@ -2269,8 +2322,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C00D */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, @@ -2285,8 +2340,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#endif /* Cipher C00E */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, @@ -2301,8 +2358,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C00F */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, @@ -2317,6 +2376,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher C010 */ { @@ -2661,6 +2721,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C025 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, @@ -2675,8 +2736,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C026 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, @@ -2691,6 +2754,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher C027 */ { @@ -2725,6 +2789,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C029 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, @@ -2739,8 +2804,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C02A */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, @@ -2755,6 +2822,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* GCM based TLS v1.2 ciphersuites from RFC5289 */ @@ -2791,6 +2859,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C02D */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, @@ -2805,8 +2874,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C02E */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, @@ -2821,6 +2892,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif /* Cipher C02F */ { @@ -2855,6 +2927,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher C031 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, @@ -2869,8 +2942,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, +#endif /* Cipher C032 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, @@ -2885,6 +2960,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#endif #endif /* OPENSSL_NO_ECDH */