git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Matt Caswell <matt@openssl.org>
	Fri, 16 Feb 2018 11:26:02 +0000 (11:26 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 14 Mar 2018 10:15:50 +0000 (10:15 +0000)
commit	f865b08143b453962ad4afccd69e698d13c60f77
tree	9d1a2ae3fabc63589815a2426456417ec1d14f33	tree \| snapshot
parent	5b68d1792021463b7cd5d76c82b251d61a56d869	commit \| diff

Split configuration of TLSv1.3 ciphers from older ciphers

With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.

In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.

This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.

Fixes #5359

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)

26 files changed:

apps/apps.h		diff \| blob \| blame \| history
apps/ciphers.c		diff \| blob \| blame \| history
crypto/err/openssl.txt		diff \| blob \| blame \| history
include/openssl/ssl.h		diff \| blob \| blame \| history
include/openssl/sslerr.h		diff \| blob \| blame \| history
include/openssl/tls1.h		diff \| blob \| blame \| history
ssl/s3_lib.c		diff \| blob \| blame \| history
ssl/ssl_ciph.c		diff \| blob \| blame \| history
ssl/ssl_conf.c		diff \| blob \| blame \| history
ssl/ssl_err.c		diff \| blob \| blame \| history
ssl/ssl_lib.c		diff \| blob \| blame \| history
ssl/ssl_locl.h		diff \| blob \| blame \| history
test/cipherlist_test.c		diff \| blob \| blame \| history
test/clienthellotest.c		diff \| blob \| blame \| history
test/fatalerrtest.c		diff \| blob \| blame \| history
test/recipes/70-test_sslsigalgs.t		diff \| blob \| blame \| history
test/recipes/70-test_tls13hrr.t		diff \| blob \| blame \| history
test/recipes/70-test_tls13psk.t		diff \| blob \| blame \| history
test/recipes/80-test_ssl_old.t		diff \| blob \| blame \| history
test/ssl-tests/02-protocol-version.conf		diff \| blob \| blame \| history
test/ssl-tests/protocol_version.pm		diff \| blob \| blame \| history
test/sslapitest.c		diff \| blob \| blame \| history
test/sslcorrupttest.c		diff \| blob \| blame \| history
test/ssltest_old.c		diff \| blob \| blame \| history
util/libssl.num		diff \| blob \| blame \| history
util/perl/TLSProxy/Proxy.pm		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom