Attachment #7509 for bug #40189





 Changes between 1.0.1r and 1.0.1s [xx XXX xxxx]

  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:

        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

    as appropriate.  Even if either of those is used, or the application
    explicitly uses the version-specific SSLv2_method() or its client and
    server variants, SSLv2 ciphers vulnerable to exhaustive search key
    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
    ciphers, and SSLv2 56-bit DES are no longer available.
    [Viktor Dukhovni]

  *) Disable SRP fake user seed to address a server memory leak.

     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.

Lines 724-731 my %disabled = ( # "what" => "comment" [or special keyword "experimental Link Here

(-)a/Configure (-1 / +2 lines)
724	"md2" => "default",	724	"md2" => "default",
725	"rc5" => "default",	725	"rc5" => "default",
726	"rfc3779" => "default",	726	"rfc3779" => "default",
727	"sctp" => "default",	727	"sctp" => "default",
728	"shared" => "default",	728	"shared" => "default",
		729	"ssl2" => "default",
729	"store" => "experimental",	730	"store" => "experimental",
730	"unit-test" => "default",	731	"unit-test" => "default",
731	"zlib" => "default",	732	"zlib" => "default",

Lines 7-13 Link Here

(-)a/NEWS (-1 / +1 lines)
7		7
8	Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [under development]	8	Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [under development]
9		9
10	o	10	o Disable SSLv2 default build, default negotiation and weak ciphers.
11		11
12	Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]	12	Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
13		13




     128,
     },

# if 0
/* RC4_128_EXPORT40_WITH_MD5 */
    {
     1,

     40,
     128,
     },
# endif

/* RC2_128_CBC_WITH_MD5 */
    {

     128,
     },

# if 0
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
    {
     1,

     40,
     128,
     },
# endif

# ifndef OPENSSL_NO_IDEA
/* IDEA_128_CBC_WITH_MD5 */

     },
# endif

# if 0
/* DES_64_CBC_WITH_MD5 */
    {
     1,

     56,
     56,
     },
# endif

/* DES_192_EDE3_CBC_WITH_MD5 */
    {

Lines 1896-1901 SSL_CTX SSL_CTX_new(const SSL_METHOD meth) Link Here

(-)a/ssl/ssl_lib.c (+7 lines)
1896	*/	1896	*/
1897	ret->options \|= SSL_OP_LEGACY_SERVER_CONNECT;	1897	ret->options \|= SSL_OP_LEGACY_SERVER_CONNECT;
1898		1898
		1899	/*
		1900	* Disable SSLv2 by default, callers that want to enable SSLv2 will have to
		1901	* explicitly clear this option via either of SSL_CTX_clear_options() or
		1902	* SSL_clear_options().
		1903	*/
		1904	ret->options \|= SSL_OP_NO_SSLv2;
		1905
1899	return (ret);	1906	return (ret);
1900	err:	1907	err:
1901	SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);	1908	SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);

Return to bug 40189

Lines 156-161 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { Link Here

(-)a/ssl/s2_lib.c (+6 lines)
156	128,	156	128,
157	},	157	},
158		158
		159	# if 0
159	/* RC4_128_EXPORT40_WITH_MD5 */	160	/* RC4_128_EXPORT40_WITH_MD5 */
160	{	161	{
161	1,	162	1,
Lines 171-176 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { Link Here
171	40,	172	40,
172	128,	173	128,
173	},	174	},
		175	# endif
174		176
175	/* RC2_128_CBC_WITH_MD5 */	177	/* RC2_128_CBC_WITH_MD5 */
176	{	178	{
Lines 188-193 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { Link Here
188	128,	190	128,
189	},	191	},
190		192
		193	# if 0
191	/* RC2_128_CBC_EXPORT40_WITH_MD5 */	194	/* RC2_128_CBC_EXPORT40_WITH_MD5 */
192	{	195	{
193	1,	196	1,
Lines 203-208 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { Link Here
203	40,	206	40,
204	128,	207	128,
205	},	208	},
		209	# endif
206		210
207	# ifndef OPENSSL_NO_IDEA	211	# ifndef OPENSSL_NO_IDEA
208	/* IDEA_128_CBC_WITH_MD5 */	212	/* IDEA_128_CBC_WITH_MD5 */
Lines 222-227 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { Link Here
222	},	226	},
223	# endif	227	# endif
224		228
		229	# if 0
225	/* DES_64_CBC_WITH_MD5 */	230	/* DES_64_CBC_WITH_MD5 */
226	{	231	{
227	1,	232	1,
Lines 237-242 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { Link Here
237	56,	242	56,
238	56,	243	56,
239	},	244	},
		245	# endif
240		246
241	/* DES_192_EDE3_CBC_WITH_MD5 */	247	/* DES_192_EDE3_CBC_WITH_MD5 */
242	{	248	{

Lines 4-9 Link Here

(-)a/CHANGES (+17 lines)
4		4
5	Changes between 1.0.1r and 1.0.1s [xx XXX xxxx]	5	Changes between 1.0.1r and 1.0.1s [xx XXX xxxx]
6		6
		7	* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
		8	is by default disabled at build-time. Builds that are not configured with
		9	"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
		10	users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
		11	will need to explicitly call either of:
		12
		13	SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
		14	or
		15	SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
		16
		17	as appropriate. Even if either of those is used, or the application
		18	explicitly uses the version-specific SSLv2_method() or its client and
		19	server variants, SSLv2 ciphers vulnerable to exhaustive search key
		20	recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
		21	ciphers, and SSLv2 56-bit DES are no longer available.
		22	[Viktor Dukhovni]
		23
7	*) Disable SRP fake user seed to address a server memory leak.	24	*) Disable SRP fake user seed to address a server memory leak.
8		25
9	Add a new method SRP_VBASE_get1_by_user that handles the seed properly.	26	Add a new method SRP_VBASE_get1_by_user that handles the seed properly.