PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller

Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org

selection remodeling

Submitted by: Victor Duchovni

Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.

ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".

ciphersuite selection code in HEAD

Submitted by: Victor Duchovni

Submitted by: Victor Duchovni

This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.

PR: 1490

PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>

PR: 1476

PR: 1354, 1355, 1398, 1408

Submitted by: Tracy Camp <tracyx.e.camp@intel.com>

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

Reviewed by: steve

ciphersuite as well

Fix warnings.

Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).

and allow more general RSA OIDs for ECC certs with RSA CA sig.

make sure 'mask' is initialized in ssl_cipher_get_disabled().

Also simplify code by removing some unused arguments in static functions.

the Fortezza stuff