Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertently having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index cb48f36..29058d7 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -111,7 +111,8 @@
 	} CIPHER_ORDER;
 
 static SSL_CIPHER cipher_aliases[]={
-	{0,SSL_TXT_ALL, 0,SSL_ALL,   0,SSL_ALL},	/* must be first */
+	/* Don't include eNULL unless specifically enabled */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */
 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,SSL_MKEY_MASK},
 	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,SSL_MKEY_MASK},
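Review bot: The new comment on the `SSL_TXT_ALL` entry says what is excluded but not how the exclusion works. It depends on `algorithms` losing `SSL_eNULL` while the mask column stays `SSL_ALL`; a later edit that "tidies" the mask to match would presumably let NULL-encryption suites match "ALL" again, though the matching code is outside this hunk. I would spell the invariant out, e.g. `/* "ALL" omits eNULL: algorithms drops the bit, mask stays SSL_ALL so eNULL suites fail the match; name eNULL explicitly to enable */`. The array initializer continues past the end of the hunk.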
@@ -403,7 +404,7 @@
 		}
 
 	/* special case */
-	cipher_aliases[0].algorithms= ~mask;
+	cipher_aliases[0].algorithms &= ~mask;
 
 	/* get the aliases */
 	k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
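Review bot: Switching to `&=` means the "ALL" entry in the static `cipher_aliases` table can only ever lose bits: whatever `mask` clears in one call stays cleared for every later call in the process, whereas the old `= ~mask` recomputed the value each time. If `mask` can differ between calls (its computation is outside this hunk, so this is inferred), an algorithm that was unavailable on the first call would stay out of "ALL" afterwards; the result is a narrower list rather than a weaker one, but it is order-dependent. Rebuilding from the constant keeps the eNULL exclusion without the accumulated state: `cipher_aliases[0].algorithms = (SSL_ALL & ~SSL_eNULL) & ~mask;`. The enclosing function starts and ends outside the hunk.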