Update from 1.0.0-stable
diff --git a/CHANGES b/CHANGES
index e8f1748..dff85b2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
+ *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+ this allows the use of compression and extensions. Change default cipher
+ string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+ by default unless an application cipher string requests it.
+ [Steve Henson]
+
*) Alter match criteria in PKCS12_parse(). It used to try to use local
key ids to find matching certificates and keys but some PKCS#12 files
don't follow the (somewhat unwritten) rules and this strategy fails.
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index b13c567..f7c7874 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -366,6 +366,7 @@
if (move_p)
{
X509_NAME_delete_entry(nm, i);
+ X509_NAME_ENTRY_free(ne);
i--;
}
if(!email || !(gen = GENERAL_NAME_new())) {
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 0912528..a71311e 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -250,6 +250,20 @@
return(ret);
}
+static int ssl23_no_ssl2_ciphers(SSL *s)
+ {
+ SSL_CIPHER *cipher;
+ STACK_OF(SSL_CIPHER) *ciphers;
+ int i;
+ ciphers = SSL_get_ciphers(s);
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
+ {
+ cipher = sk_SSL_CIPHER_value(ciphers, i);
+ if (cipher->algorithm_ssl == SSL_SSLV2)
+ return 0;
+ }
+ return 1;
+ }
static int ssl23_client_hello(SSL *s)
{
@@ -264,6 +278,9 @@
ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+ if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+ ssl2_compat = 0;
+
if (!(s->options & SSL_OP_NO_TLSv1))
{
version = TLS1_VERSION;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d0c42fa..a9d1fa5 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -324,8 +324,8 @@
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
-/* As of OpenSSL 0.9.9, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSlv2"
+/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
* throwing out anonymous and unencrypted ciphersuites!
* (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
