From bc3482442acb6269733a36abb995853e7ce20aae Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Sat, 6 Mar 1999 15:21:02 +0000
Subject: [PATCH] Disable new TLS1 ciphersuites.

---
 CHANGES      | 3 +++
 ssl/s3_lib.c | 2 ++
 ssl/tls1.h   | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/CHANGES b/CHANGES
index 7aea4643ad..4f8e8bc090 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
   *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
      on the `perl Configure ...' command line. This way one can compile
      OpenSSL libraries with Position Independent Code (PIC) which is needed
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c32b716041..78afd87ced 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -355,6 +355,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	SSL_ALL_CIPHERS,
 	},
 
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
 	/* New TLS Export CipherSuites */
 	/* Cipher 60 */
 	    {
@@ -383,6 +384,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	    0,
 	    SSL_ALL_CIPHERS
 	    },
+#endif
 
 /* end of list */
 	};
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 8d47ae591a..780beea855 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -65,6 +65,8 @@
 extern "C" {
 #endif
 
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
+
 #define TLS1_VERSION			0x0301
 #define TLS1_VERSION_MAJOR		0x03
 #define TLS1_VERSION_MINOR		0x01
-- 
GitLab