From: Jan Venekamp <1422460+jan2000@users.noreply.github.com>
Date: Sat, 19 Feb 2022 14:44:17 +0000 (+0100)
Subject: sectransp: mark a 3DES cipher as weak
X-Git-Tag: curl-7_82_0~41
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=14d9358a0c0e232e95bf8f2bf7dcbcd7369e8dcb;p=thirdparty%2Fcurl.git

sectransp: mark a 3DES cipher as weak

- Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak.

All other 3DES ciphers are already marked as weak.

Closes https://github.com/curl/curl/pull/8479
---

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 059756eb69..be41d4f4bb 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -603,7 +603,7 @@ const static struct st_cipher ciphertable[] = {
              CIPHER_WEAK_RC_ENCRYPTION),
   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,                 /* 0xC003 */
              "ECDH-ECDSA-DES-CBC3-SHA",
-             CIPHER_STRONG_ENOUGH),
+             CIPHER_WEAK_3DES_ENCRYPTION),
   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,                  /* 0xC004 */
              "ECDH-ECDSA-AES128-SHA",
              CIPHER_STRONG_ENOUGH),