From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 29 Jul 2024 17:49:51 +0000 (+0200)
Subject: 3DES ciphersuites are not allowed in FIPS anymore
X-Git-Tag: openssl-3.4.0-alpha1~247
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bbcd0c537765dff63bb77774caa9331569cc6ae;p=thirdparty%2Fopenssl.git

3DES ciphersuites are not allowed in FIPS anymore

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25028)
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 5c7f338c652..86d81984a65 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -205,7 +205,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -221,7 +221,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -237,7 +237,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -253,7 +253,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1011,7 +1011,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1079,7 +1079,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1147,7 +1147,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1375,7 +1375,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1425,7 +1425,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1475,7 +1475,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      SSL3_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,
@@ -1819,7 +1819,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      SSL_SHA1,
      TLS1_VERSION, TLS1_2_VERSION,
      DTLS1_BAD_VER, DTLS1_2_VERSION,
-     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
      112,
      168,