From 5b57fe0a1ed1162d4bbaed28d5046300be42d6ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 14 Jun 2006 17:51:46 +0000 Subject: [PATCH] Disable invalid ciphersuites --- CHANGES | 45 ++++++++++++++++++++++++++++++--------------- ssl/tls1.h | 2 +- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index 2cf3cd22b2..0d4435913c 100644 --- a/CHANGES +++ b/CHANGES @@ -250,21 +250,6 @@ implementations, between 32- and 64-bit builds without hassle. [Andy Polyakov] - *) Disable rogue ciphersuites: - - - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") - - The latter two were purportedly from - draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really - appear there. - - Other ciphersuites from draft-ietf-tls-56-bit-ciphersuites-01.txt - remain enabled for now, but are just as unofficial, and the ID - has long expired; these will probably disappear soon. - [Bodo Moeller] - *) Move code previously exiled into file crypto/ec/ec2_smpt.c to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP macro. @@ -322,6 +307,21 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] 
@@ -1248,6 +1248,21 @@ Changes between 0.9.7j and 0.9.7k [xx XXX xxxx] + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + *) Fix RSA blinding Heisenbug (problems sometimes occured on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] diff --git a/ssl/tls1.h b/ssl/tls1.h index 1c1ca1533b..d6687a8fe4 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -157,7 +157,7 @@ extern "C" { #endif -#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 -- GitLab
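Review bot: The new `#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0` in ssl/tls1.h has no comment saying what it gates, so a reader of the header cannot tell that setting it back to 1 re-enables the suites the CHANGES entry calls unofficial and expired. I would put a comment directly above it, for example `/* Gates the ciphersuites from the expired draft-ietf-tls-56-bit-ciphersuites-01.txt; keep at 0. */`. The `#if` sites that consume the macro are outside this patch, so it cannot be confirmed from here that every suite from that draft is actually covered by it. That is worth checking against the built library's cipher list before the CHANGES text is relied on.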