diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch | 503 |
1 files changed, 0 insertions, 503 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch deleted file mode 100644 index d2602447f3..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch +++ /dev/null | |||
@@ -1,503 +0,0 @@ | |||
1 | From bc38a7d2d3c6082163c50ddf99464736110f2000 Mon Sep 17 00:00:00 2001 | ||
2 | From: Viktor Dukhovni <openssl-users@dukhovni.org> | ||
3 | Date: Fri, 19 Feb 2016 13:05:11 -0500 | ||
4 | Subject: [PATCH] Disable EXPORT and LOW SSLv3+ ciphers by default | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | Reviewed-by: Emilia Käsper <emilia@openssl.org> | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | https://git.openssl.org/?p=openssl.git;a=commit;h=bc38a7d2d3c6082163c50ddf99464736110f2000 | ||
14 | |||
15 | CVE: CVE-2016-0800 #3 patch | ||
16 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
17 | |||
18 | --- | ||
19 | CHANGES | 5 +++++ | ||
20 | Configure | 5 +++++ | ||
21 | NEWS | 1 + | ||
22 | doc/apps/ciphers.pod | 30 ++++++++++++++++++++--------- | ||
23 | ssl/s3_lib.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
24 | 5 files changed, 86 insertions(+), 9 deletions(-) | ||
25 | |||
26 | Index: openssl-1.0.2d/Configure | ||
27 | =================================================================== | ||
28 | --- openssl-1.0.2d.orig/Configure | ||
29 | +++ openssl-1.0.2d/Configure | ||
30 | @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher> | ||
31 | # library and will be loaded in run-time by the OpenSSL library. | ||
32 | # sctp include SCTP support | ||
33 | # 386 generate 80386 code | ||
34 | +# enable-weak-ssl-ciphers | ||
35 | +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by | ||
36 | +# default. Note, weak SSLv2 ciphers are unconditionally | ||
37 | +# disabled. | ||
38 | # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 | ||
39 | # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) | ||
40 | # -<xxx> +<xxx> compiler options are passed through | ||
41 | @@ -853,6 +857,7 @@ my %disabled = ( # "what" => "co | ||
42 | "ssl2" => "default", | ||
43 | "store" => "experimental", | ||
44 | "unit-test" => "default", | ||
45 | + "weak-ssl-ciphers" => "default", | ||
46 | "zlib" => "default", | ||
47 | "zlib-dynamic" => "default" | ||
48 | ); | ||
49 | Index: openssl-1.0.2d/doc/apps/ciphers.pod | ||
50 | =================================================================== | ||
51 | --- openssl-1.0.2d.orig/doc/apps/ciphers.pod | ||
52 | +++ openssl-1.0.2d/doc/apps/ciphers.pod | ||
53 | @@ -136,34 +136,46 @@ than 128 bits, and some cipher suites wi | ||
54 | |||
55 | =item B<LOW> | ||
56 | |||
57 | -"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms | ||
58 | -but excluding export cipher suites. | ||
59 | +Low strength encryption cipher suites, currently those using 64 or 56 bit | ||
60 | +encryption algorithms but excluding export cipher suites. | ||
61 | +As of OpenSSL 1.0.2g, these are disabled in default builds. | ||
62 | |||
63 | =item B<EXP>, B<EXPORT> | ||
64 | |||
65 | -export encryption algorithms. Including 40 and 56 bits algorithms. | ||
66 | +Export strength encryption algorithms. Including 40 and 56 bits algorithms. | ||
67 | +As of OpenSSL 1.0.2g, these are disabled in default builds. | ||
68 | |||
69 | =item B<EXPORT40> | ||
70 | |||
71 | -40 bit export encryption algorithms | ||
72 | +40-bit export encryption algorithms | ||
73 | +As of OpenSSL 1.0.2g, these are disabled in default builds. | ||
74 | |||
75 | =item B<EXPORT56> | ||
76 | |||
77 | -56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of | ||
78 | +56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of | ||
79 | 56 bit export ciphers is empty unless OpenSSL has been explicitly configured | ||
80 | with support for experimental ciphers. | ||
81 | +As of OpenSSL 1.0.2g, these are disabled in default builds. | ||
82 | |||
83 | =item B<eNULL>, B<NULL> | ||
84 | |||
85 | -the "NULL" ciphers that is those offering no encryption. Because these offer no | ||
86 | -encryption at all and are a security risk they are disabled unless explicitly | ||
87 | -included. | ||
88 | +The "NULL" ciphers that is those offering no encryption. Because these offer no | ||
89 | +encryption at all and are a security risk they are not enabled via either the | ||
90 | +B<DEFAULT> or B<ALL> cipher strings. | ||
91 | +Be careful when building cipherlists out of lower-level primitives such as | ||
92 | +B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers. | ||
93 | +When in doubt, include B<!eNULL> in your cipherlist. | ||
94 | |||
95 | =item B<aNULL> | ||
96 | |||
97 | -the cipher suites offering no authentication. This is currently the anonymous | ||
98 | +The cipher suites offering no authentication. This is currently the anonymous | ||
99 | DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable | ||
100 | to a "man in the middle" attack and so their use is normally discouraged. | ||
101 | +These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL> | ||
102 | +ciphers. | ||
103 | +Be careful when building cipherlists out of lower-level primitives such as | ||
104 | +B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers. | ||
105 | +When in doubt, include B<!aNULL> in your cipherlist. | ||
106 | |||
107 | =item B<kRSA>, B<RSA> | ||
108 | |||
109 | Index: openssl-1.0.2d/ssl/s3_lib.c | ||
110 | =================================================================== | ||
111 | --- openssl-1.0.2d.orig/ssl/s3_lib.c | ||
112 | +++ openssl-1.0.2d/ssl/s3_lib.c | ||
113 | @@ -198,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
114 | }, | ||
115 | |||
116 | /* Cipher 03 */ | ||
117 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
118 | { | ||
119 | 1, | ||
120 | SSL3_TXT_RSA_RC4_40_MD5, | ||
121 | @@ -212,6 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
122 | 40, | ||
123 | 128, | ||
124 | }, | ||
125 | +#endif | ||
126 | |||
127 | /* Cipher 04 */ | ||
128 | { | ||
129 | @@ -246,6 +248,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
130 | }, | ||
131 | |||
132 | /* Cipher 06 */ | ||
133 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
134 | { | ||
135 | 1, | ||
136 | SSL3_TXT_RSA_RC2_40_MD5, | ||
137 | @@ -260,6 +263,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
138 | 40, | ||
139 | 128, | ||
140 | }, | ||
141 | +#endif | ||
142 | |||
143 | /* Cipher 07 */ | ||
144 | #ifndef OPENSSL_NO_IDEA | ||
145 | @@ -280,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
146 | #endif | ||
147 | |||
148 | /* Cipher 08 */ | ||
149 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
150 | { | ||
151 | 1, | ||
152 | SSL3_TXT_RSA_DES_40_CBC_SHA, | ||
153 | @@ -294,8 +299,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
154 | 40, | ||
155 | 56, | ||
156 | }, | ||
157 | +#endif | ||
158 | |||
159 | /* Cipher 09 */ | ||
160 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
161 | { | ||
162 | 1, | ||
163 | SSL3_TXT_RSA_DES_64_CBC_SHA, | ||
164 | @@ -310,6 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
165 | 56, | ||
166 | 56, | ||
167 | }, | ||
168 | +#endif | ||
169 | |||
170 | /* Cipher 0A */ | ||
171 | { | ||
172 | @@ -329,6 +337,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
173 | |||
174 | /* The DH ciphers */ | ||
175 | /* Cipher 0B */ | ||
176 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
177 | { | ||
178 | 0, | ||
179 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | ||
180 | @@ -343,8 +352,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
181 | 40, | ||
182 | 56, | ||
183 | }, | ||
184 | +#endif | ||
185 | |||
186 | /* Cipher 0C */ | ||
187 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
188 | { | ||
189 | 1, | ||
190 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | ||
191 | @@ -359,6 +370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
192 | 56, | ||
193 | 56, | ||
194 | }, | ||
195 | +#endif | ||
196 | |||
197 | /* Cipher 0D */ | ||
198 | { | ||
199 | @@ -377,6 +389,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
200 | }, | ||
201 | |||
202 | /* Cipher 0E */ | ||
203 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
204 | { | ||
205 | 0, | ||
206 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | ||
207 | @@ -391,8 +404,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
208 | 40, | ||
209 | 56, | ||
210 | }, | ||
211 | +#endif | ||
212 | |||
213 | /* Cipher 0F */ | ||
214 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
215 | { | ||
216 | 1, | ||
217 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | ||
218 | @@ -407,6 +422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
219 | 56, | ||
220 | 56, | ||
221 | }, | ||
222 | +#endif | ||
223 | |||
224 | /* Cipher 10 */ | ||
225 | { | ||
226 | @@ -426,6 +442,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
227 | |||
228 | /* The Ephemeral DH ciphers */ | ||
229 | /* Cipher 11 */ | ||
230 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
231 | { | ||
232 | 1, | ||
233 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | ||
234 | @@ -440,8 +457,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
235 | 40, | ||
236 | 56, | ||
237 | }, | ||
238 | +#endif | ||
239 | |||
240 | /* Cipher 12 */ | ||
241 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
242 | { | ||
243 | 1, | ||
244 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | ||
245 | @@ -456,6 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
246 | 56, | ||
247 | 56, | ||
248 | }, | ||
249 | +#endif | ||
250 | |||
251 | /* Cipher 13 */ | ||
252 | { | ||
253 | @@ -474,6 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
254 | }, | ||
255 | |||
256 | /* Cipher 14 */ | ||
257 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
258 | { | ||
259 | 1, | ||
260 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | ||
261 | @@ -488,8 +509,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
262 | 40, | ||
263 | 56, | ||
264 | }, | ||
265 | +#endif | ||
266 | |||
267 | /* Cipher 15 */ | ||
268 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
269 | { | ||
270 | 1, | ||
271 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | ||
272 | @@ -504,6 +527,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
273 | 56, | ||
274 | 56, | ||
275 | }, | ||
276 | +#endif | ||
277 | |||
278 | /* Cipher 16 */ | ||
279 | { | ||
280 | @@ -522,6 +546,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
281 | }, | ||
282 | |||
283 | /* Cipher 17 */ | ||
284 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
285 | { | ||
286 | 1, | ||
287 | SSL3_TXT_ADH_RC4_40_MD5, | ||
288 | @@ -536,6 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
289 | 40, | ||
290 | 128, | ||
291 | }, | ||
292 | +#endif | ||
293 | |||
294 | /* Cipher 18 */ | ||
295 | { | ||
296 | @@ -554,6 +580,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
297 | }, | ||
298 | |||
299 | /* Cipher 19 */ | ||
300 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
301 | { | ||
302 | 1, | ||
303 | SSL3_TXT_ADH_DES_40_CBC_SHA, | ||
304 | @@ -568,8 +595,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
305 | 40, | ||
306 | 128, | ||
307 | }, | ||
308 | +#endif | ||
309 | |||
310 | /* Cipher 1A */ | ||
311 | +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
312 | { | ||
313 | 1, | ||
314 | SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
315 | @@ -584,6 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
316 | 56, | ||
317 | 56, | ||
318 | }, | ||
319 | +#endif | ||
320 | |||
321 | /* Cipher 1B */ | ||
322 | { | ||
323 | @@ -655,6 +685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
324 | #ifndef OPENSSL_NO_KRB5 | ||
325 | /* The Kerberos ciphers*/ | ||
326 | /* Cipher 1E */ | ||
327 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
328 | { | ||
329 | 1, | ||
330 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | ||
331 | @@ -669,6 +700,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
332 | 56, | ||
333 | 56, | ||
334 | }, | ||
335 | +# endif | ||
336 | |||
337 | /* Cipher 1F */ | ||
338 | { | ||
339 | @@ -719,6 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
340 | }, | ||
341 | |||
342 | /* Cipher 22 */ | ||
343 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
344 | { | ||
345 | 1, | ||
346 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | ||
347 | @@ -733,6 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
348 | 56, | ||
349 | 56, | ||
350 | }, | ||
351 | +# endif | ||
352 | |||
353 | /* Cipher 23 */ | ||
354 | { | ||
355 | @@ -783,6 +817,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
356 | }, | ||
357 | |||
358 | /* Cipher 26 */ | ||
359 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
360 | { | ||
361 | 1, | ||
362 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | ||
363 | @@ -797,8 +832,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
364 | 40, | ||
365 | 56, | ||
366 | }, | ||
367 | +# endif | ||
368 | |||
369 | /* Cipher 27 */ | ||
370 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
371 | { | ||
372 | 1, | ||
373 | SSL3_TXT_KRB5_RC2_40_CBC_SHA, | ||
374 | @@ -813,8 +850,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
375 | 40, | ||
376 | 128, | ||
377 | }, | ||
378 | +# endif | ||
379 | |||
380 | /* Cipher 28 */ | ||
381 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
382 | { | ||
383 | 1, | ||
384 | SSL3_TXT_KRB5_RC4_40_SHA, | ||
385 | @@ -829,8 +868,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
386 | 40, | ||
387 | 128, | ||
388 | }, | ||
389 | +# endif | ||
390 | |||
391 | /* Cipher 29 */ | ||
392 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
393 | { | ||
394 | 1, | ||
395 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | ||
396 | @@ -845,8 +886,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
397 | 40, | ||
398 | 56, | ||
399 | }, | ||
400 | +# endif | ||
401 | |||
402 | /* Cipher 2A */ | ||
403 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
404 | { | ||
405 | 1, | ||
406 | SSL3_TXT_KRB5_RC2_40_CBC_MD5, | ||
407 | @@ -861,8 +904,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
408 | 40, | ||
409 | 128, | ||
410 | }, | ||
411 | +# endif | ||
412 | |||
413 | /* Cipher 2B */ | ||
414 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
415 | { | ||
416 | 1, | ||
417 | SSL3_TXT_KRB5_RC4_40_MD5, | ||
418 | @@ -877,6 +922,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
419 | 40, | ||
420 | 128, | ||
421 | }, | ||
422 | +# endif | ||
423 | #endif /* OPENSSL_NO_KRB5 */ | ||
424 | |||
425 | /* New AES ciphersuites */ | ||
426 | @@ -1300,6 +1346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
427 | # endif | ||
428 | |||
429 | /* Cipher 62 */ | ||
430 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
431 | { | ||
432 | 1, | ||
433 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, | ||
434 | @@ -1314,8 +1361,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
435 | 56, | ||
436 | 56, | ||
437 | }, | ||
438 | +# endif | ||
439 | |||
440 | /* Cipher 63 */ | ||
441 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
442 | { | ||
443 | 1, | ||
444 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | ||
445 | @@ -1330,8 +1379,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
446 | 56, | ||
447 | 56, | ||
448 | }, | ||
449 | +# endif | ||
450 | |||
451 | /* Cipher 64 */ | ||
452 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
453 | { | ||
454 | 1, | ||
455 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, | ||
456 | @@ -1346,8 +1397,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
457 | 56, | ||
458 | 128, | ||
459 | }, | ||
460 | +# endif | ||
461 | |||
462 | /* Cipher 65 */ | ||
463 | +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS | ||
464 | { | ||
465 | 1, | ||
466 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | ||
467 | @@ -1362,6 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] | ||
468 | 56, | ||
469 | 128, | ||
470 | }, | ||
471 | +# endif | ||
472 | |||
473 | /* Cipher 66 */ | ||
474 | { | ||
475 | Index: openssl-1.0.2d/CHANGES | ||
476 | =================================================================== | ||
477 | --- openssl-1.0.2d.orig/CHANGES | ||
478 | +++ openssl-1.0.2d/CHANGES | ||
479 | @@ -2,7 +2,11 @@ | ||
480 | OpenSSL CHANGES | ||
481 | _______________ | ||
482 | |||
483 | - | ||
484 | + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. | ||
485 | + Builds that are not configured with "enable-weak-ssl-ciphers" will not | ||
486 | + provide any "EXPORT" or "LOW" strength ciphers. | ||
487 | + [Viktor Dukhovni] | ||
488 | + | ||
489 | * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 | ||
490 | is by default disabled at build-time. Builds that are not configured with | ||
491 | "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, | ||
492 | Index: openssl-1.0.2d/NEWS | ||
493 | =================================================================== | ||
494 | --- openssl-1.0.2d.orig/NEWS | ||
495 | +++ openssl-1.0.2d/NEWS | ||
496 | @@ -1,6 +1,7 @@ | ||
497 | |||
498 | NEWS | ||
499 | ==== | ||
500 | + Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. | ||
501 | Disable SSLv2 default build, default negotiation and weak ciphers. | ||
502 | |||
503 | This file gives a brief overview of the major changes between each OpenSSL | ||