diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch | 592 |
1 files changed, 592 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch new file mode 100644 index 0000000000..de89d08d5c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch | |||
@@ -0,0 +1,592 @@ | |||
1 | From 021fb42dd0cf2bf985b0e26ca50418eb42c00d09 Mon Sep 17 00:00:00 2001 | ||
2 | From: Viktor Dukhovni <openssl-users@dukhovni.org> | ||
3 | Date: Wed, 17 Feb 2016 23:38:55 -0500 | ||
4 | Subject: [PATCH] Bring SSL method documentation up to date | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | Reviewed-by: Emilia Käsper <emilia@openssl.org> | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | https://git.openssl.org/?p=openssl.git;a=commit;h=021fb42dd0cf2bf985b0e26ca50418eb42c00d09 | ||
14 | |||
15 | CVE: CVE-2016-0800 #2 patch | ||
16 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
17 | |||
18 | --- | ||
19 | doc/apps/ciphers.pod | 29 ++++--- | ||
20 | doc/apps/s_client.pod | 12 +-- | ||
21 | doc/apps/s_server.pod | 8 +- | ||
22 | doc/ssl/SSL_CONF_cmd.pod | 33 ++++---- | ||
23 | doc/ssl/SSL_CTX_new.pod | 168 ++++++++++++++++++++++++++++------------ | ||
24 | doc/ssl/SSL_CTX_set_options.pod | 10 +++ | ||
25 | doc/ssl/ssl.pod | 77 ++++++++++++++---- | ||
26 | 7 files changed, 226 insertions(+), 111 deletions(-) | ||
27 | |||
28 | diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod | ||
29 | index 1c26e3b..8038b05 100644 | ||
30 | --- a/doc/apps/ciphers.pod | ||
31 | +++ b/doc/apps/ciphers.pod | ||
32 | @@ -38,25 +38,21 @@ SSL v2 and for SSL v3/TLS v1. | ||
33 | |||
34 | Like B<-v>, but include cipher suite codes in output (hex format). | ||
35 | |||
36 | -=item B<-ssl3> | ||
37 | +=item B<-ssl3>, B<-tls1> | ||
38 | |||
39 | -only include SSL v3 ciphers. | ||
40 | +This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. | ||
41 | |||
42 | =item B<-ssl2> | ||
43 | |||
44 | -only include SSL v2 ciphers. | ||
45 | - | ||
46 | -=item B<-tls1> | ||
47 | - | ||
48 | -only include TLS v1 ciphers. | ||
49 | +Only include SSLv2 ciphers. | ||
50 | |||
51 | =item B<-h>, B<-?> | ||
52 | |||
53 | -print a brief usage message. | ||
54 | +Print a brief usage message. | ||
55 | |||
56 | =item B<cipherlist> | ||
57 | |||
58 | -a cipher list to convert to a cipher preference list. If it is not included | ||
59 | +A cipher list to convert to a cipher preference list. If it is not included | ||
60 | then the default cipher list will be used. The format is described below. | ||
61 | |||
62 | =back | ||
63 | @@ -109,9 +105,10 @@ The following is a list of all permitted cipher strings and their meanings. | ||
64 | |||
65 | =item B<DEFAULT> | ||
66 | |||
67 | -the default cipher list. This is determined at compile time and | ||
68 | -is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string | ||
69 | -specified. | ||
70 | +The default cipher list. | ||
71 | +This is determined at compile time and is normally | ||
72 | +B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. | ||
73 | +When used, this must be the first cipherstring specified. | ||
74 | |||
75 | =item B<COMPLEMENTOFDEFAULT> | ||
76 | |||
77 | @@ -582,11 +579,11 @@ Note: these ciphers can also be used in SSL v3. | ||
78 | =head2 Deprecated SSL v2.0 cipher suites. | ||
79 | |||
80 | SSL_CK_RC4_128_WITH_MD5 RC4-MD5 | ||
81 | - SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 | ||
82 | - SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 | ||
83 | - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 | ||
84 | + SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. | ||
85 | + SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5 | ||
86 | + SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. | ||
87 | SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 | ||
88 | - SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 | ||
89 | + SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. | ||
90 | SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 | ||
91 | |||
92 | =head1 NOTES | ||
93 | diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod | ||
94 | index 84d0527..618df96 100644 | ||
95 | --- a/doc/apps/s_client.pod | ||
96 | +++ b/doc/apps/s_client.pod | ||
97 | @@ -201,15 +201,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is | ||
98 | given as a hexadecimal number without leading 0x, for example -psk | ||
99 | 1a2b3c4d. | ||
100 | |||
101 | -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> | ||
102 | +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> | ||
103 | |||
104 | -these options disable the use of certain SSL or TLS protocols. By default | ||
105 | -the initial handshake uses a method which should be compatible with all | ||
106 | -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. | ||
107 | - | ||
108 | -Unfortunately there are still ancient and broken servers in use which | ||
109 | -cannot handle this technique and will fail to connect. Some servers only | ||
110 | -work if TLS is turned off. | ||
111 | +These options require or disable the use of the specified SSL or TLS protocols. | ||
112 | +By default the initial handshake uses a I<version-flexible> method which will | ||
113 | +negotiate the highest mutually supported protocol version. | ||
114 | |||
115 | =item B<-fallback_scsv> | ||
116 | |||
117 | diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod | ||
118 | index baca779..6f4acb7 100644 | ||
119 | --- a/doc/apps/s_server.pod | ||
120 | +++ b/doc/apps/s_server.pod | ||
121 | @@ -217,11 +217,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is | ||
122 | given as a hexadecimal number without leading 0x, for example -psk | ||
123 | 1a2b3c4d. | ||
124 | |||
125 | -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> | ||
126 | +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> | ||
127 | |||
128 | -these options disable the use of certain SSL or TLS protocols. By default | ||
129 | -the initial handshake uses a method which should be compatible with all | ||
130 | -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. | ||
131 | +These options require or disable the use of the specified SSL or TLS protocols. | ||
132 | +By default the initial handshake uses a I<version-flexible> method which will | ||
133 | +negotiate the highest mutually supported protocol version. | ||
134 | |||
135 | =item B<-bugs> | ||
136 | |||
137 | diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod | ||
138 | index 2bf1a60..e81d76a 100644 | ||
139 | --- a/doc/ssl/SSL_CONF_cmd.pod | ||
140 | +++ b/doc/ssl/SSL_CONF_cmd.pod | ||
141 | @@ -74,7 +74,7 @@ B<prime256v1>). Curve names are case sensitive. | ||
142 | |||
143 | =item B<-named_curve> | ||
144 | |||
145 | -This sets the temporary curve used for ephemeral ECDH modes. Only used by | ||
146 | +This sets the temporary curve used for ephemeral ECDH modes. Only used by | ||
147 | servers | ||
148 | |||
149 | The B<value> argument is a curve name or the special value B<auto> which | ||
150 | @@ -85,7 +85,7 @@ can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name | ||
151 | =item B<-cipher> | ||
152 | |||
153 | Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is | ||
154 | -currently not performed unless a B<SSL> or B<SSL_CTX> structure is | ||
155 | +currently not performed unless a B<SSL> or B<SSL_CTX> structure is | ||
156 | associated with B<cctx>. | ||
157 | |||
158 | =item B<-cert> | ||
159 | @@ -111,9 +111,9 @@ operations are permitted. | ||
160 | |||
161 | =item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> | ||
162 | |||
163 | -Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 | ||
164 | -by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>, | ||
165 | -B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. | ||
166 | +Disables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 | ||
167 | +by setting the corresponding options B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, | ||
168 | +B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> respectively. | ||
169 | |||
170 | =item B<-bugs> | ||
171 | |||
172 | @@ -177,7 +177,7 @@ Note: the command prefix (if set) alters the recognised B<cmd> values. | ||
173 | =item B<CipherString> | ||
174 | |||
175 | Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is | ||
176 | -currently not performed unless an B<SSL> or B<SSL_CTX> structure is | ||
177 | +currently not performed unless an B<SSL> or B<SSL_CTX> structure is | ||
178 | associated with B<cctx>. | ||
179 | |||
180 | =item B<Certificate> | ||
181 | @@ -244,7 +244,7 @@ B<prime256v1>). Curve names are case sensitive. | ||
182 | |||
183 | =item B<ECDHParameters> | ||
184 | |||
185 | -This sets the temporary curve used for ephemeral ECDH modes. Only used by | ||
186 | +This sets the temporary curve used for ephemeral ECDH modes. Only used by | ||
187 | servers | ||
188 | |||
189 | The B<value> argument is a curve name or the special value B<Automatic> which | ||
190 | @@ -258,10 +258,11 @@ The supported versions of the SSL or TLS protocol. | ||
191 | |||
192 | The B<value> argument is a comma separated list of supported protocols to | ||
193 | enable or disable. If an protocol is preceded by B<-> that version is disabled. | ||
194 | -All versions are enabled by default, though applications may choose to | ||
195 | -explicitly disable some. Currently supported protocol values are B<SSLv2>, | ||
196 | -B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers | ||
197 | -to all supported versions. | ||
198 | +Currently supported protocol values are B<SSLv2>, B<SSLv3>, B<TLSv1>, | ||
199 | +B<TLSv1.1> and B<TLSv1.2>. | ||
200 | +All protocol versions other than B<SSLv2> are enabled by default. | ||
201 | +To avoid inadvertent enabling of B<SSLv2>, when SSLv2 is disabled, it is not | ||
202 | +possible to enable it via the B<Protocol> command. | ||
203 | |||
204 | =item B<Options> | ||
205 | |||
206 | @@ -339,16 +340,16 @@ The value is a directory name. | ||
207 | The order of operations is significant. This can be used to set either defaults | ||
208 | or values which cannot be overridden. For example if an application calls: | ||
209 | |||
210 | - SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); | ||
211 | + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); | ||
212 | SSL_CONF_cmd(ctx, userparam, uservalue); | ||
213 | |||
214 | -it will disable SSLv2 support by default but the user can override it. If | ||
215 | +it will disable SSLv3 support by default but the user can override it. If | ||
216 | however the call sequence is: | ||
217 | |||
218 | SSL_CONF_cmd(ctx, userparam, uservalue); | ||
219 | - SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); | ||
220 | + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); | ||
221 | |||
222 | -SSLv2 is B<always> disabled and attempt to override this by the user are | ||
223 | +then SSLv3 is B<always> disabled and attempt to override this by the user are | ||
224 | ignored. | ||
225 | |||
226 | By checking the return code of SSL_CTX_cmd() it is possible to query if a | ||
227 | @@ -372,7 +373,7 @@ can be checked instead. If -3 is returned a required argument is missing | ||
228 | and an error is indicated. If 0 is returned some other error occurred and | ||
229 | this can be reported back to the user. | ||
230 | |||
231 | -The function SSL_CONF_cmd_value_type() can be used by applications to | ||
232 | +The function SSL_CONF_cmd_value_type() can be used by applications to | ||
233 | check for the existence of a command or to perform additional syntax | ||
234 | checking or translation of the command value. For example if the return | ||
235 | value is B<SSL_CONF_TYPE_FILE> an application could translate a relative | ||
236 | diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod | ||
237 | index 491ac8c..b8cc879 100644 | ||
238 | --- a/doc/ssl/SSL_CTX_new.pod | ||
239 | +++ b/doc/ssl/SSL_CTX_new.pod | ||
240 | @@ -2,13 +2,55 @@ | ||
241 | |||
242 | =head1 NAME | ||
243 | |||
244 | -SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions | ||
245 | +SSL_CTX_new, | ||
246 | +SSLv23_method, SSLv23_server_method, SSLv23_client_method, | ||
247 | +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, | ||
248 | +TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, | ||
249 | +TLSv1_method, TLSv1_server_method, TLSv1_client_method, | ||
250 | +SSLv3_method, SSLv3_server_method, SSLv3_client_method, | ||
251 | +SSLv2_method, SSLv2_server_method, SSLv2_client_method, | ||
252 | +DTLS_method, DTLS_server_method, DTLS_client_method, | ||
253 | +DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method, | ||
254 | +DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method - | ||
255 | +create a new SSL_CTX object as framework for TLS/SSL enabled functions | ||
256 | |||
257 | =head1 SYNOPSIS | ||
258 | |||
259 | #include <openssl/ssl.h> | ||
260 | |||
261 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); | ||
262 | + const SSL_METHOD *SSLv23_method(void); | ||
263 | + const SSL_METHOD *SSLv23_server_method(void); | ||
264 | + const SSL_METHOD *SSLv23_client_method(void); | ||
265 | + const SSL_METHOD *TLSv1_2_method(void); | ||
266 | + const SSL_METHOD *TLSv1_2_server_method(void); | ||
267 | + const SSL_METHOD *TLSv1_2_client_method(void); | ||
268 | + const SSL_METHOD *TLSv1_1_method(void); | ||
269 | + const SSL_METHOD *TLSv1_1_server_method(void); | ||
270 | + const SSL_METHOD *TLSv1_1_client_method(void); | ||
271 | + const SSL_METHOD *TLSv1_method(void); | ||
272 | + const SSL_METHOD *TLSv1_server_method(void); | ||
273 | + const SSL_METHOD *TLSv1_client_method(void); | ||
274 | + #ifndef OPENSSL_NO_SSL3_METHOD | ||
275 | + const SSL_METHOD *SSLv3_method(void); | ||
276 | + const SSL_METHOD *SSLv3_server_method(void); | ||
277 | + const SSL_METHOD *SSLv3_client_method(void); | ||
278 | + #endif | ||
279 | + #ifndef OPENSSL_NO_SSL2 | ||
280 | + const SSL_METHOD *SSLv2_method(void); | ||
281 | + const SSL_METHOD *SSLv2_server_method(void); | ||
282 | + const SSL_METHOD *SSLv2_client_method(void); | ||
283 | + #endif | ||
284 | + | ||
285 | + const SSL_METHOD *DTLS_method(void); | ||
286 | + const SSL_METHOD *DTLS_server_method(void); | ||
287 | + const SSL_METHOD *DTLS_client_method(void); | ||
288 | + const SSL_METHOD *DTLSv1_2_method(void); | ||
289 | + const SSL_METHOD *DTLSv1_2_server_method(void); | ||
290 | + const SSL_METHOD *DTLSv1_2_client_method(void); | ||
291 | + const SSL_METHOD *DTLSv1_method(void); | ||
292 | + const SSL_METHOD *DTLSv1_server_method(void); | ||
293 | + const SSL_METHOD *DTLSv1_client_method(void); | ||
294 | |||
295 | =head1 DESCRIPTION | ||
296 | |||
297 | @@ -23,65 +65,88 @@ client only type. B<method> can be of the following types: | ||
298 | |||
299 | =over 4 | ||
300 | |||
301 | -=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) | ||
302 | +=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method() | ||
303 | + | ||
304 | +These are the general-purpose I<version-flexible> SSL/TLS methods. | ||
305 | +The actual protocol version used will be negotiated to the highest version | ||
306 | +mutually supported by the client and the server. | ||
307 | +The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. | ||
308 | +Most applications should use these method, and avoid the version specific | ||
309 | +methods described below. | ||
310 | + | ||
311 | +The list of protocols available can be further limited using the | ||
312 | +B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, | ||
313 | +B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the | ||
314 | +L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions. | ||
315 | +Clients should avoid creating "holes" in the set of protocols they support, | ||
316 | +when disabling a protocol, make sure that you also disable either all previous | ||
317 | +or all subsequent protocol versions. | ||
318 | +In clients, when a protocol version is disabled without disabling I<all> | ||
319 | +previous protocol versions, the effect is to also disable all subsequent | ||
320 | +protocol versions. | ||
321 | + | ||
322 | +The SSLv2 and SSLv3 protocols are deprecated and should generally not be used. | ||
323 | +Applications should typically use L<SSL_CTX_set_options(3)> in combination with | ||
324 | +the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above | ||
325 | +I<version-flexible> SSL/TLS methods. | ||
326 | +The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared | ||
327 | +via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2. | ||
328 | + | ||
329 | +=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method() | ||
330 | |||
331 | -A TLS/SSL connection established with these methods will only understand | ||
332 | -the SSLv2 protocol. A client will send out SSLv2 client hello messages | ||
333 | -and will also indicate that it only understand SSLv2. A server will only | ||
334 | -understand SSLv2 client hello messages. | ||
335 | +A TLS/SSL connection established with these methods will only understand the | ||
336 | +TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and | ||
337 | +will also indicate that it only understand TLSv1.2. A server will only | ||
338 | +understand TLSv1.2 client hello messages. | ||
339 | |||
340 | -=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) | ||
341 | +=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method() | ||
342 | |||
343 | A TLS/SSL connection established with these methods will only understand the | ||
344 | -SSLv3 protocol. A client will send out SSLv3 client hello messages | ||
345 | -and will indicate that it only understands SSLv3. A server will only understand | ||
346 | -SSLv3 client hello messages. This especially means, that it will | ||
347 | -not understand SSLv2 client hello messages which are widely used for | ||
348 | -compatibility reasons, see SSLv23_*_method(). | ||
349 | +TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and | ||
350 | +will also indicate that it only understand TLSv1.1. A server will only | ||
351 | +understand TLSv1.1 client hello messages. | ||
352 | |||
353 | -=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) | ||
354 | +=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method() | ||
355 | |||
356 | A TLS/SSL connection established with these methods will only understand the | ||
357 | -TLSv1 protocol. A client will send out TLSv1 client hello messages | ||
358 | -and will indicate that it only understands TLSv1. A server will only understand | ||
359 | -TLSv1 client hello messages. This especially means, that it will | ||
360 | -not understand SSLv2 client hello messages which are widely used for | ||
361 | -compatibility reasons, see SSLv23_*_method(). It will also not understand | ||
362 | -SSLv3 client hello messages. | ||
363 | - | ||
364 | -=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) | ||
365 | - | ||
366 | -A TLS/SSL connection established with these methods may understand the SSLv2, | ||
367 | -SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. | ||
368 | - | ||
369 | -If the cipher list does not contain any SSLv2 ciphersuites (the default | ||
370 | -cipher list does not) or extensions are required (for example server name) | ||
371 | -a client will send out TLSv1 client hello messages including extensions and | ||
372 | -will indicate that it also understands TLSv1.1, TLSv1.2 and permits a | ||
373 | -fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 | ||
374 | -protocols. This is the best choice when compatibility is a concern. | ||
375 | - | ||
376 | -If any SSLv2 ciphersuites are included in the cipher list and no extensions | ||
377 | -are required then SSLv2 compatible client hellos will be used by clients and | ||
378 | -SSLv2 will be accepted by servers. This is B<not> recommended due to the | ||
379 | -insecurity of SSLv2 and the limited nature of the SSLv2 client hello | ||
380 | -prohibiting the use of extensions. | ||
381 | +TLSv1 protocol. A client will send out TLSv1 client hello messages and will | ||
382 | +indicate that it only understands TLSv1. A server will only understand TLSv1 | ||
383 | +client hello messages. | ||
384 | |||
385 | -=back | ||
386 | +=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method() | ||
387 | + | ||
388 | +A TLS/SSL connection established with these methods will only understand the | ||
389 | +SSLv3 protocol. A client will send out SSLv3 client hello messages and will | ||
390 | +indicate that it only understands SSLv3. A server will only understand SSLv3 | ||
391 | +client hello messages. The SSLv3 protocol is deprecated and should not be | ||
392 | +used. | ||
393 | + | ||
394 | +=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method() | ||
395 | + | ||
396 | +A TLS/SSL connection established with these methods will only understand the | ||
397 | +SSLv2 protocol. A client will send out SSLv2 client hello messages and will | ||
398 | +also indicate that it only understand SSLv2. A server will only understand | ||
399 | +SSLv2 client hello messages. The SSLv2 protocol offers little to no security | ||
400 | +and should not be used. | ||
401 | +As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available | ||
402 | +with SSLv2. | ||
403 | |||
404 | -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, | ||
405 | -SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 | ||
406 | -options of the SSL_CTX_set_options() or SSL_set_options() functions. | ||
407 | -Using these options it is possible to choose e.g. SSLv23_server_method() and | ||
408 | -be able to negotiate with all possible clients, but to only allow newer | ||
409 | -protocols like TLSv1, TLSv1.1 or TLS v1.2. | ||
410 | +=item DTLS_method(), DTLS_server_method(), DTLS_client_method() | ||
411 | |||
412 | -Applications which never want to support SSLv2 (even is the cipher string | ||
413 | -is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. | ||
414 | +These are the version-flexible DTLS methods. | ||
415 | + | ||
416 | +=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method() | ||
417 | + | ||
418 | +These are the version-specific methods for DTLSv1.2. | ||
419 | + | ||
420 | +=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method() | ||
421 | + | ||
422 | +These are the version-specific methods for DTLSv1. | ||
423 | + | ||
424 | +=back | ||
425 | |||
426 | -SSL_CTX_new() initializes the list of ciphers, the session cache setting, | ||
427 | -the callbacks, the keys and certificates and the options to its default | ||
428 | -values. | ||
429 | +SSL_CTX_new() initializes the list of ciphers, the session cache setting, the | ||
430 | +callbacks, the keys and certificates and the options to its default values. | ||
431 | |||
432 | =head1 RETURN VALUES | ||
433 | |||
434 | @@ -91,8 +156,8 @@ The following return values can occur: | ||
435 | |||
436 | =item NULL | ||
437 | |||
438 | -The creation of a new SSL_CTX object failed. Check the error stack to | ||
439 | -find out the reason. | ||
440 | +The creation of a new SSL_CTX object failed. Check the error stack to find out | ||
441 | +the reason. | ||
442 | |||
443 | =item Pointer to an SSL_CTX object | ||
444 | |||
445 | @@ -102,6 +167,7 @@ The return value points to an allocated SSL_CTX object. | ||
446 | |||
447 | =head1 SEE ALSO | ||
448 | |||
449 | +L<SSL_CTX_set_options(3)>, L<SSL_CTX_clear_options(3)>, L<SSL_set_options(3)>, | ||
450 | L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>, | ||
451 | L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> | ||
452 | |||
453 | diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod | ||
454 | index e80a72c..9a7e98c 100644 | ||
455 | --- a/doc/ssl/SSL_CTX_set_options.pod | ||
456 | +++ b/doc/ssl/SSL_CTX_set_options.pod | ||
457 | @@ -189,15 +189,25 @@ browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta | ||
458 | =item SSL_OP_NO_SSLv2 | ||
459 | |||
460 | Do not use the SSLv2 protocol. | ||
461 | +As of OpenSSL 1.0.2g the B<SSL_OP_NO_SSLv2> option is set by default. | ||
462 | |||
463 | =item SSL_OP_NO_SSLv3 | ||
464 | |||
465 | Do not use the SSLv3 protocol. | ||
466 | +It is recommended that applications should set this option. | ||
467 | |||
468 | =item SSL_OP_NO_TLSv1 | ||
469 | |||
470 | Do not use the TLSv1 protocol. | ||
471 | |||
472 | +=item SSL_OP_NO_TLSv1_1 | ||
473 | + | ||
474 | +Do not use the TLSv1.1 protocol. | ||
475 | + | ||
476 | +=item SSL_OP_NO_TLSv1_2 | ||
477 | + | ||
478 | +Do not use the TLSv1.2 protocol. | ||
479 | + | ||
480 | =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
481 | |||
482 | When performing renegotiation as a server, always start a new session | ||
483 | diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod | ||
484 | index 242087e..70cca17 100644 | ||
485 | --- a/doc/ssl/ssl.pod | ||
486 | +++ b/doc/ssl/ssl.pod | ||
487 | @@ -130,41 +130,86 @@ protocol methods defined in B<SSL_METHOD> structures. | ||
488 | |||
489 | =over 4 | ||
490 | |||
491 | -=item const SSL_METHOD *B<SSLv2_client_method>(void); | ||
492 | +=item const SSL_METHOD *B<SSLv23_method>(void); | ||
493 | |||
494 | -Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. | ||
495 | +Constructor for the I<version-flexible> SSL_METHOD structure for | ||
496 | +clients, servers or both. | ||
497 | +See L<SSL_CTX_new(3)> for details. | ||
498 | |||
499 | -=item const SSL_METHOD *B<SSLv2_server_method>(void); | ||
500 | +=item const SSL_METHOD *B<SSLv23_client_method>(void); | ||
501 | |||
502 | -Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. | ||
503 | +Constructor for the I<version-flexible> SSL_METHOD structure for | ||
504 | +clients. | ||
505 | |||
506 | -=item const SSL_METHOD *B<SSLv2_method>(void); | ||
507 | +=item const SSL_METHOD *B<SSLv23_client_method>(void); | ||
508 | |||
509 | -Constructor for the SSLv2 SSL_METHOD structure for combined client and server. | ||
510 | +Constructor for the I<version-flexible> SSL_METHOD structure for | ||
511 | +servers. | ||
512 | |||
513 | -=item const SSL_METHOD *B<SSLv3_client_method>(void); | ||
514 | +=item const SSL_METHOD *B<TLSv1_2_method>(void); | ||
515 | |||
516 | -Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. | ||
517 | +Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers | ||
518 | +or both. | ||
519 | |||
520 | -=item const SSL_METHOD *B<SSLv3_server_method>(void); | ||
521 | +=item const SSL_METHOD *B<TLSv1_2_client_method>(void); | ||
522 | |||
523 | -Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. | ||
524 | +Constructor for the TLSv1.2 SSL_METHOD structure for clients. | ||
525 | |||
526 | -=item const SSL_METHOD *B<SSLv3_method>(void); | ||
527 | +=item const SSL_METHOD *B<TLSv1_2_server_method>(void); | ||
528 | + | ||
529 | +Constructor for the TLSv1.2 SSL_METHOD structure for servers. | ||
530 | + | ||
531 | +=item const SSL_METHOD *B<TLSv1_1_method>(void); | ||
532 | |||
533 | -Constructor for the SSLv3 SSL_METHOD structure for combined client and server. | ||
534 | +Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers | ||
535 | +or both. | ||
536 | + | ||
537 | +=item const SSL_METHOD *B<TLSv1_1_client_method>(void); | ||
538 | + | ||
539 | +Constructor for the TLSv1.1 SSL_METHOD structure for clients. | ||
540 | + | ||
541 | +=item const SSL_METHOD *B<TLSv1_1_server_method>(void); | ||
542 | + | ||
543 | +Constructor for the TLSv1.1 SSL_METHOD structure for servers. | ||
544 | + | ||
545 | +=item const SSL_METHOD *B<TLSv1_method>(void); | ||
546 | + | ||
547 | +Constructor for the TLSv1 SSL_METHOD structure for clients, servers | ||
548 | +or both. | ||
549 | |||
550 | =item const SSL_METHOD *B<TLSv1_client_method>(void); | ||
551 | |||
552 | -Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. | ||
553 | +Constructor for the TLSv1 SSL_METHOD structure for clients. | ||
554 | |||
555 | =item const SSL_METHOD *B<TLSv1_server_method>(void); | ||
556 | |||
557 | -Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. | ||
558 | +Constructor for the TLSv1 SSL_METHOD structure for servers. | ||
559 | |||
560 | -=item const SSL_METHOD *B<TLSv1_method>(void); | ||
561 | +=item const SSL_METHOD *B<SSLv3_method>(void); | ||
562 | + | ||
563 | +Constructor for the SSLv3 SSL_METHOD structure for clients, servers | ||
564 | +or both. | ||
565 | + | ||
566 | +=item const SSL_METHOD *B<SSLv3_client_method>(void); | ||
567 | + | ||
568 | +Constructor for the SSLv3 SSL_METHOD structure for clients. | ||
569 | + | ||
570 | +=item const SSL_METHOD *B<SSLv3_server_method>(void); | ||
571 | + | ||
572 | +Constructor for the SSLv3 SSL_METHOD structure for servers. | ||
573 | + | ||
574 | +=item const SSL_METHOD *B<SSLv2_method>(void); | ||
575 | + | ||
576 | +Constructor for the SSLv2 SSL_METHOD structure for clients, servers | ||
577 | +or both. | ||
578 | + | ||
579 | +=item const SSL_METHOD *B<SSLv2_client_method>(void); | ||
580 | + | ||
581 | +Constructor for the SSLv2 SSL_METHOD structure for clients. | ||
582 | + | ||
583 | +=item const SSL_METHOD *B<SSLv2_server_method>(void); | ||
584 | |||
585 | -Constructor for the TLSv1 SSL_METHOD structure for combined client and server. | ||
586 | +Constructor for the SSLv2 SSL_METHOD structure for servers. | ||
587 | |||
588 | =back | ||
589 | |||
590 | -- | ||
591 | 2.3.5 | ||
592 | |||