Removed support for EXPORT ciphersuitesremove-rsa-export

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-08-10 10:18:16 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-08-10 11:42:28 +0200
commit: 63d331755f55fc121481b42d7ac3210c89603ea8 (patch)
tree: 27057a9dc890dc52384d72c13542868219efa90c /lib/gnutls_priority.c
parent: 14aa5a5f99f1e50a3643a008c8aed358a1517def (diff)
download: gnutls-remove-rsa-export.tar.gz
1 files changed, 1 insertions, 31 deletions
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 6b5bd2af3a..df343b23ab 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -235,14 +235,6 @@ static const int kx_priority_performance[] = {
   0
 };
 
-static const int kx_priority_export[] = {
-  GNUTLS_KX_RSA,
-  GNUTLS_KX_DHE_RSA,
-  GNUTLS_KX_DHE_DSS,
-  GNUTLS_KX_RSA_EXPORT,
-  0
-};
-
 static const int kx_priority_secure[] = {
   /* The ciphersuites that offer forward secrecy take
    * precendance
@@ -313,20 +305,6 @@ static const int cipher_priority_secure256[] = {
   0
 };
 
-/* The same as cipher_priority_security_normal + arcfour-40. */
-static const int cipher_priority_export[] = {
-  GNUTLS_CIPHER_AES_128_CBC,
-  GNUTLS_CIPHER_AES_256_CBC,
-#ifdef	ENABLE_CAMELLIA
-  GNUTLS_CIPHER_CAMELLIA_128_CBC,
-  GNUTLS_CIPHER_CAMELLIA_256_CBC,
-#endif
-  GNUTLS_CIPHER_3DES_CBC,
-  GNUTLS_CIPHER_ARCFOUR_128,
-  GNUTLS_CIPHER_ARCFOUR_40,
-  0
-};
-
 static const int comp_priority[] = {
   /* compression should be explicitely requested to be enabled */
   GNUTLS_COMP_NULL,
@@ -585,7 +563,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
           _set_priority (&(*priority_cache)->sign_algo,
                          sign_priority_default);
         }
-      else if (strcasecmp (broken_list[i], "NORMAL") == 0)
+      else if (strcasecmp (broken_list[i], "NORMAL") == 0 || strcasecmp (broken_list[i], "EXPORT") == 0)
         {
           _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
           _set_priority (&(*priority_cache)->kx, kx_priority_secure);
@@ -612,14 +590,6 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
           _set_priority (&(*priority_cache)->sign_algo,
                          sign_priority_secure128);
         }
-      else if (strcasecmp (broken_list[i], "EXPORT") == 0)
-        {
-          _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
-          _set_priority (&(*priority_cache)->kx, kx_priority_export);
-          _set_priority (&(*priority_cache)->mac, mac_priority_secure);
-          _set_priority (&(*priority_cache)->sign_algo,
-                         sign_priority_default);
-        }                       /* now check if the element is something like -ALGO */
       else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
                || broken_list[i][0] == '-')
         {
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-08-10 10:18:16 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-08-10 11:42:28 +0200
commit	63d331755f55fc121481b42d7ac3210c89603ea8 (patch)
tree	27057a9dc890dc52384d72c13542868219efa90c /lib/gnutls_priority.c
parent	14aa5a5f99f1e50a3643a008c8aed358a1517def (diff)
download	gnutls-remove-rsa-export.tar.gz