diff options
| author | Nicola Tuveri <nic.tuv@gmail.com> | 2022-02-22 14:47:11 +0200 |
|---|---|---|
| committer | Nicola Tuveri <nic.tuv@gmail.com> | 2022-03-01 10:51:03 +0200 |
| commit | 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4 (patch) | |
| tree | 4ab2b91f859097ac4e2837b215ad7ed42ec832d5 /ssl | |
| parent | d2d2401aed7ff45f4c013201944e1218dce12da7 (diff) | |
| download | openssl-new-66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4.tar.gz | |
[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_lib.c | 12 | ||||
| -rw-r--r-- | ssl/ssl_cert.c | 2 |
2 files changed, 7 insertions, 7 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3b3cc8a32a..101d879faf 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2168,7 +2168,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA128, SSL_SHA256, @@ -2184,7 +2184,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA256, @@ -2200,7 +2200,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA128, SSL_SHA256, @@ -2232,7 +2232,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA256, SSL_SHA256, @@ -2248,7 +2248,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA256, SSL_SHA256, @@ -2264,7 +2264,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA256, SSL_SHA256, diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 4cfd005ebe..e13bbe8981 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1034,7 +1034,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, return 0; /* Level 3: forward secure ciphersuites only */ if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) + !(c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE))) return 0; break; } |