diff options
| author |   itojun <itojun@openbsd.org> | 2002-06-07 19:55:34 +0000 |
|---|---|---|
| committer | itojun <itojun@openbsd.org> | 2002-06-07 19:55:34 +0000 |
| commit | 8edbd8abb842e2b5280cc76293e7b81b8e9610aa (patch) | |
| tree | cb897a85379f8bb33fa44f24bebfdb8d1e6a66fc /lib/libssl/ssl_ciph.c | |
| parent | Start for support of IKECFG in SET/ACK mode. Server side only so far. (diff) | |
| download | wireguard-openbsd-8edbd8abb842e2b5280cc76293e7b81b8e9610aa.tar.xz wireguard-openbsd-8edbd8abb842e2b5280cc76293e7b81b8e9610aa.zip | |
do not propose IDEA cipher on SSL connection. tested by beck
noticed by Sverre Froyen <sverre@viewmark.com>
Diffstat (limited to 'lib/libssl/ssl_ciph.c')
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index cdd8dde128b..57bbde5f270 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -124,7 +124,9 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, +#ifndef OPENSSL_NO_IDEA {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, +#endif {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, @@ -165,8 +167,12 @@ static void load_ciphers(void) EVP_get_cipherbyname(SN_rc4); ssl_cipher_methods[SSL_ENC_RC2_IDX]= EVP_get_cipherbyname(SN_rc2_cbc); +#ifndef OPENSSL_NO_IDEA ssl_cipher_methods[SSL_ENC_IDEA_IDX]= EVP_get_cipherbyname(SN_idea_cbc); +#else + ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; +#endif ssl_cipher_methods[SSL_ENC_AES128_IDX]= EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= |