Disable new TLS1 ciphersuites.
diff --git a/CHANGES b/CHANGES
index 7aea464..4f8e8bc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
Changes between 0.9.1c and 0.9.2
+ *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+ [Ben Laurie]
+
*) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
on the `perl Configure ...' command line. This way one can compile
OpenSSL libraries with Position Independent Code (PIC) which is needed
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c32b716..78afd87 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -355,6 +355,7 @@
SSL_ALL_CIPHERS,
},
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
/* New TLS Export CipherSuites */
/* Cipher 60 */
{
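Review bot: The `#if` added above the "New TLS Export CipherSuites" entries does not say why they are compiled out, and its matching `#endif` in the next hunk (just before `/* end of list */`) is unlabelled even though several table entries sit between the two. I would add `/* Not official yet: see TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES in tls1.h */` above the `#if` and close it with `#endif /* TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES */`. Because `#if` treats an undefined macro as 0, the entries also drop out silently if tls1.h is not in scope at this point; that fails closed, but the comment should say so. The cipher table begins outside this hunk.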
@@ -383,6 +384,7 @@
0,
SSL_ALL_CIPHERS
},
+#endif
/* end of list */
};
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 8d47ae5..780beea 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -65,6 +65,8 @@
extern "C" {
#endif
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
+
#define TLS1_VERSION 0x0301
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
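Review bot: `TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES` is defined unconditionally and without a comment, so a reader of tls1.h cannot tell what it gates, and a build that passes a different value with `-D` gets a macro redefinition instead of an override. I would document it, for example `/* Gates the not-yet-official TLS export ciphersuites in the s3_lib.c cipher table; leave at 0 until they are standardised */`. If a build-time override is intended, wrap it as `#ifndef TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES` / `#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0` / `#endif`. Only the table entries are visibly gated in this commit. The hunks shown do not reveal whether other code that refers to these suites is still compiled.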