提交 1d90f280 编写于 作者: B Bodo Möller

In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites

上级 8acdd759
...@@ -4,6 +4,12 @@ ...@@ -4,6 +4,12 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) Add '-tls1' option to 'openssl ciphers', which was already
mentioned in the documentation but had not been implemented.
(This option is not yet really useful because even the additional
experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
[Bodo Moeller]
*) Initial DSO code added into libcrypto for letting OpenSSL (and *) Initial DSO code added into libcrypto for letting OpenSSL (and
OpenSSL-based applications) load shared libraries and bind to OpenSSL-based applications) load shared libraries and bind to
them in a portable way. them in a portable way.
......
...@@ -74,6 +74,7 @@ static char *ciphers_usage[]={ ...@@ -74,6 +74,7 @@ static char *ciphers_usage[]={
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", " -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
" -ssl2 - SSL2 mode\n", " -ssl2 - SSL2 mode\n",
" -ssl3 - SSL3 mode\n", " -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
NULL NULL
}; };
...@@ -121,6 +122,10 @@ int MAIN(int argc, char **argv) ...@@ -121,6 +122,10 @@ int MAIN(int argc, char **argv)
#ifndef NO_SSL3 #ifndef NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0) else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method(); meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif #endif
else if ((strncmp(*argv,"-h",2) == 0) || else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0)) (strcmp(*argv,"-?") == 0))
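Review bot: The new `-tls1` branch selects `TLSv1_client_method()` without any comment saying that the resulting listing is not yet TLS-specific, although the CHANGES entry in this same commit states that even the experimental TLS 1.0 ciphers are still treated as SSL 3.0 ciphers. Someone running `openssl ciphers -tls1` to audit what a TLS-only configuration offers could take the output for a TLS 1.0 suite list, so I would add on the branch `/* TLS 1.0 ciphers are still treated as SSL 3.0 ciphers (see CHANGES), so -tls1 is not yet a TLS-specific listing */`. Separately, the usage string `" -tls1 - TLS1 mode\n"` sits outside the `#ifndef NO_TLS1` guard, so a NO_TLS1 build advertises an option the parser does not handle; the existing `-ssl3` entry has the same pattern. MAIN's option loop starts and ends outside the hunk, so where an unhandled `-tls1` ends up is not visible here.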
......
...@@ -84,6 +84,10 @@ extern "C" { ...@@ -84,6 +84,10 @@ extern "C" {
#define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_USER_CANCELLED 90
#define TLS1_AD_NO_RENEGOTIATION 100 #define TLS1_AD_NO_RENEGOTIATION 100
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
* s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
* shouldn't. */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
...@@ -92,6 +96,13 @@ extern "C" { ...@@ -92,6 +96,13 @@ extern "C" {
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
/* XXX
* Inconsistency alert:
* The OpenSSL names of ciphers with ephemeral DH here include the string
* "DHE", while elsewhere it has always been "EDH".
* (The alias for the list of all such ciphers also is "EDH".)
* The specifications speak of "EDH"; maybe we should allow both forms
* for everything. */
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
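Review bot: The comment added above `TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5` names the source draft and the `TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES` switch but does not say that these are export-strength 56-bit suites, which is what a person deciding whether to define that macro needs to see. I would extend it with a sentence such as `These are export-grade (56-bit) suites taken from an Internet-Draft; they are experimental and not meant for default cipher lists.` Because the source is a -00 draft, the 0x030000xx values are presumably not final, and the comment could say that as well. The second comment's "DHE" versus "EDH" remark appears to concern text names that fall after the last visible line of this hunk.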
......