Changes between 1.0.2h and 1.1.0 [xx XXX xxxx]
+ *) Because of the SWEET32 attack, 3DES cipher suites have been disabled by
+ default like RC4. See the RC4 item below to re-enable both.
+ [Rich Salz]
+
*) The method for finding the storage location for the Windows RAND seed file
has changed. First we check %RANDFILE%. If that is not set then we check
the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If
0,
0,
},
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_DES_192_CBC3_SHA,
112,
168,
},
+#endif
{
1,
TLS1_TXT_RSA_WITH_AES_128_SHA,
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
0,
0,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
256,
256,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
256,
256,
},
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
0,
},
# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
112,
168,
},
+# endif
{
1,
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
#endif
-#ifndef OPENSSL_NO_DES
-# ifndef OPENSSL_NO_EC
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-# endif
-# ifndef OPENSSL_NO_DH
- SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
-# endif
-#endif /* !OPENSSL_NO_DES */
-
#ifndef OPENSSL_NO_TLS1_2
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_RSA_WITH_AES_256_SHA,
TLS1_CK_RSA_WITH_AES_128_SHA,
-#ifndef OPENSSL_NO_DES
- SSL3_CK_RSA_DES_192_CBC3_SHA,
-#endif
};
static int test_default_cipherlist(SSL_CTX *ctx)