diff options
| author | Matt Caswell <matt@openssl.org> | 2018-02-16 12:26:02 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-03-14 11:15:50 +0100 |
| commit | f865b08143b453962ad4afccd69e698d13c60f77 (patch) | |
| tree | 9d1a2ae3fabc63589815a2426456417ec1d14f33 /util/libssl.num | |
| parent | Update version numbers for TLSv1.3 draft-26 (diff) | |
| download | openssl-f865b08143b453962ad4afccd69e698d13c60f77.tar.xz openssl-f865b08143b453962ad4afccd69e698d13c60f77.zip | |
Split configuration of TLSv1.3 ciphers from older ciphers
With the current mechanism, old cipher strings that used to work in 1.1.0,
may inadvertently disable all TLSv1.3 ciphersuites causing connections to
fail. This is confusing for users.
In reality TLSv1.3 are quite different to older ciphers. They are much
simpler and there are only a small number of them so, arguably, they don't
need the same level of control that the older ciphers have.
This change splits the configuration of TLSv1.3 ciphers from older ones.
By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
them through your existing config.
Fixes #5359
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5392)
Diffstat (limited to 'util/libssl.num')
| -rw-r--r-- | util/libssl.num | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/util/libssl.num b/util/libssl.num index db844e33cf..344d684a94 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -484,3 +484,5 @@ SSL_SESSION_set1_ticket_appdata 484 1_1_1 EXIST::FUNCTION: SSL_CTX_set_session_ticket_cb 485 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_generate_cb 486 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_verify_cb 487 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_ciphersuites 488 1_1_1 EXIST::FUNCTION: +SSL_set_ciphersuites 489 1_1_1 EXIST::FUNCTION: |