author | Ronald Jordan <ron.jordan@oracle.com> |
Tue, 27 Sep 2016 10:50:55 -0700 | |
branch | s11u3-sru |
changeset 6981 | 1d2ebf9515bd |
parent 5951 | 53f9397aa985 |
permissions | -rw-r--r-- |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
1 |
# |
# This was developed in house. Not applicable to the upstream. |
# |
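--- openssl-1.0.1/ssl/ssl.h Tue May 26 11:13:15 2015
+++ openssl-1.0.1/ssl/ssl.h.new Tue May 26 11:32:09 2015
@@ -2016,12 +2016,28 @@
 /* This sets the 'default' SSL version that SSL_new() will create */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
 
-# ifndef OPENSSL_NO_SSL2_METHOD
-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-# endif
 
+#ifndef __has_attribute
+# define __has_attribute(x) 0
+#endif
+
+/* Mark SSLv2_* functions deprecated */
+#if __has_attribute(deprecated) \
+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130))
+# define DEPRECATED __attribute__((deprecated))
+#else
+# define DEPRECATED
+#endif
+
+# ifndef OPENSSL_NO_SSL2
+# ifndef OPENSSL_NO_SSL2_METHOD
+DEPRECATED const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+# endif
+# endif
+
 # ifndef OPENSSL_NO_SSL3_METHOD
 const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */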
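Review bot: The added block puts two un-namespaced macros into a public header: `DEPRECATED` can collide with a macro of the same name in any application that includes ssl.h, and the fallback `# define __has_attribute(x) 0` defines a reserved identifier that stays visible to every header included afterwards, so a later `#ifdef __has_attribute` probe finds it defined and gets 0 for every attribute. A header-private macro (the fence uses `OPENSSL_SSL2_DEPRECATED` as a proposed name, not an existing one) and a nested `defined(__has_attribute)` test avoid both. Separately, the attribute only produces a compile-time warning: the SSLv2 entry points stay declared and linkable unless `OPENSSL_NO_SSL2` or `OPENSSL_NO_SSL2_METHOD` is defined, which is decided outside this hunk, so a comment stating that next to `/* Mark SSLv2_* functions deprecated */` would keep readers from mistaking the deprecation for removal of the protocol.

```c
/* Mark SSLv2_* functions deprecated (warning only; the protocol is
 * compiled out only when OPENSSL_NO_SSL2 is defined) */
# if defined(__has_attribute)
#  if __has_attribute(deprecated)
#   define OPENSSL_SSL2_DEPRECATED __attribute__((deprecated))
#  endif
# endif
# if !defined(OPENSSL_SSL2_DEPRECATED) \
     && ((defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 301)) \
         || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x5130)))
#  define OPENSSL_SSL2_DEPRECATED __attribute__((deprecated))
# endif
# ifndef OPENSSL_SSL2_DEPRECATED
#  define OPENSSL_SSL2_DEPRECATED
# endif
/* … unchanged: OPENSSL_NO_SSL2 / OPENSSL_NO_SSL2_METHOD guards; the three SSLv2_*method prototypes take OPENSSL_SSL2_DEPRECATED in place of DEPRECATED … */
```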
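--- openssl-1.0.1/doc/ssl/SSL_CIPHER_get_name.pod Tue May 26 11:13:15 2015
+++ openssl-1.0.1/doc/ssl/SSL_CIPHER_get_name.pod.new Tue May 26 11:32:09 2015
@@ -25,7 +25,7 @@
 
 SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
 version that first defined the cipher.
-This is currently B<SSLv2> or B<TLSv1/SSLv3>.
+This is currently B<TLSv1/SSLv3>.
 In some cases it should possibly return "TLSv1.2" but does not;
 use SSL_CIPHER_description() instead.
 If B<cipher> is NULL, "(NONE)" is returned.
@@ -56,7 +56,7 @@
 
 =item <protocol version>
 
-Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
+Protocol version: B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
 flagged with SSLv3. No new ciphers were added by TLSv1.1.
 
 =item Kx=<key exchange>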
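--- openssl-1.0.1/doc/ssl/SSL_CTX_new.pod Tue Mar 1 14:02:53 2016
+++ openssl-1.0.1/doc/ssl/SSL_CTX_new.pod.new Tue Mar 1 14:35:59 2016
@@ -62,12 +62,12 @@
 These are the general-purpose I<version-flexible> SSL/TLS methods.
 The actual protocol version used will be negotiated to the highest version
 mutually supported by the client and the server.
-The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
+The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
 Most applications should use these method, and avoid the version specific
 methods described below.
 
 The list of protocols available can be further limited using the
-B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
+B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
 B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
 L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
 Clients should avoid creating "holes" in the set of protocols they support,
@@ -81,8 +81,6 @@
 Applications should typically use L<SSL_CTX_set_options(3)> in combination with
 the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
 I<version-flexible> SSL/TLS methods.
-The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
-via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.
 
 =item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
 
@@ -115,13 +113,7 @@
 
 =item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
 
-A TLS/SSL connection established with these methods will only understand the
-SSLv2 protocol. A client will send out SSLv2 client hello messages and will
-also indicate that it only understand SSLv2. A server will only understand
-SSLv2 client hello messages. The SSLv2 protocol offers little to no security
-and should not be used.
-As of OpenSSL 1.0.1s, EXPORT ciphers and 56-bit DES are no longer available
-with SSLv2.
+The SSLv2 protocol offers little to no security and has been deprecated.
 
 =item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
 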
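--- openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod Thu Mar 19 06:37:10 2015
+++ openssl-1.0.1/doc/ssl/SSL_CTX_set_cipher_list.pod.new Tue May 26 11:38:09 2015
@@ -54,10 +54,6 @@
 keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
 and the handshake will fail.
 
-If the cipher list does not contain any SSLv2 cipher suites (this is the
-default) then SSLv2 is effectively disabled and neither clients nor servers
-will attempt to use SSLv2.
-
 =head1 RETURN VALUES
 
 SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher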
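--- openssl-1.0.1/doc/ssl/SSL_CTX_set_generate_session_id.pod Thu Jan 15 06:43:49 2015
+++ openssl-1.0.1/doc/ssl/SSL_CTX_set_generate_session_id.pod.new Tue May 26 11:40:47 2015
@@ -32,9 +32,8 @@
 
 When a new session is established between client and server, the server
 generates a session id. The session id is an arbitrary sequence of bytes.
-The length of the session id is 16 bytes for SSLv2 sessions and between
-1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical
-but must be unique for the server. Additionally, the session id is
+The length of the session id is between 1 and 32 bytes. The session id is not
+security critical but must be unique for the server. Additionally, the session id is
 transmitted in the clear when reusing the session so it must not contain
 sensitive information.
 
@@ -51,12 +50,6 @@
 the callback B<must never> increase B<id_len> or write to the location
 B<id> exceeding the given limit.
 
-If a SSLv2 session id is generated and B<id_len> is reduced, it will be
-restored after the callback has finished and the session id will be padded
-with 0x00. It is not recommended to change the B<id_len> for SSLv2 sessions.
-The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> function
-to check, whether the session is of type SSLv2.
-
 The location B<id> is filled with 0x00 before the callback is called, so the
 callback may only fill part of the possible length and leave B<id_len>
 untouched while maintaining reproducibility.
@@ -63,9 +56,8 @@
 
 Since the sessions must be distinguished, session ids must be unique.
 Without the callback a random number is used, so that the probability
-of generating the same session id is extremely small (2^128 possible ids
-for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the
-uniqueness of the generated session id, the callback must call
+of generating the same session id is extremely small (2^256 for SSLv3/TLSv1).
+In order to assure the uniqueness of the generated session id, the callback must call
 SSL_has_matching_session_id() and generate another id if a conflict occurs.
 If an id conflict is not resolved, the handshake will fail.
 If the application codes e.g. a unique host id, a unique process number, and
@@ -85,10 +77,6 @@
 the external cache is not tested with SSL_has_matching_session_id()
 and the same race condition applies.
 
-When calling SSL_has_matching_session_id() for an SSLv2 session with
-reduced B<id_len>, the match operation will be performed using the
-fixed length required and with a 0x00 padded id.
-
 The callback must return 0 if it cannot generate a session id for whatever
 reason and return 1 on success.
 
@@ -104,12 +92,7 @@
 unsigned int *id_len)
 {
 unsigned int count = 0;
- const char *version;
 
- version = SSL_get_version(ssl);
- if (!strcmp(version, "SSLv2"))
- /* we must not change id_len */;
-
 do {
 RAND_pseudo_bytes(id, *id_len);
 /* Prefix the session_id with the required prefix. NB: If our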
--- openssl-1.0.1/doc/ssl/SSL_CTX_set_options.pod Tue Jan 20 04:33:36 2015 |
178 |
+++ openssl-1.0.1/doc/ssl/SSL_CTX_set_options.pod.new Tue May 26 11:41:47 2015 |
179 |
@@ -63,18 +63,11 @@ |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
180 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
181 |
=item SSL_OP_MICROSOFT_SESS_ID_BUG |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
182 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
183 |
-www.microsoft.com - when talking SSLv2, if session-id reuse is |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
184 |
-performed, the session-id passed back in the server-finished message |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
185 |
-is different from the one decided upon. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
186 |
+As of OpenSSL 1.0.0 this option has no effect. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
187 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
188 |
=item SSL_OP_NETSCAPE_CHALLENGE_BUG |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
189 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
190 |
-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
191 |
-challenge but then appears to only use 16 bytes when generating the |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
192 |
-encryption keys. Using 16 bytes is ok but it should be ok to use 32. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
193 |
-According to the SSLv3 spec, one should use 32 bytes for the challenge |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
194 |
-when operating in SSLv2/v3 compatibility mode, but as mentioned above, |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
195 |
-this breaks this server so 16 bytes is the way to go. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
196 |
+As of OpenSSL 1.0.0 this option has no effect. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
197 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
198 |
=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
199 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
200 |
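--- openssl-1.0.1/doc/ssl/SSL_get_default_timeout.pod Thu Jan 15 06:43:49 2015
+++ openssl-1.0.1/doc/ssl/SSL_get_default_timeout.pod.new Tue May 26 11:42:15 2015
@@ -24,7 +24,7 @@
 timeout for the protocol will be used.
 
 SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
-for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
+for all currently supported protocols.
 
 =head1 RETURN VALUES
 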
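--- openssl-1.0.1/doc/ssl/SSL_get_version.pod Thu Jan 15 06:43:49 2015
+++ openssl-1.0.1/doc/ssl/SSL_get_version.pod.new Tue May 26 11:42:45 2015
@@ -21,9 +21,6 @@
 
 =over 4
 
-=item SSLv2
-
-The connection uses the SSLv2 protocol.
 
 =item SSLv3
 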
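--- openssl-1.0.1/doc/ssl/SSL_new.pod Thu Jan 15 06:43:49 2015
+++ openssl-1.0.1/doc/ssl/SSL_new.pod.new Tue May 26 11:43:12 2015
@@ -14,7 +14,7 @@
 
 SSL_new() creates a new B<SSL> structure which is needed to hold the
 data for a TLS/SSL connection. The new structure inherits the settings
-of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
+of the underlying context B<ctx>: connection method,
 options, verification settings, timeout settings.
 
 =head1 RETURN VALUES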
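--- openssl-1.0.1/doc/ssl/SSL_shutdown.pod Thu Mar 19 06:37:10 2015
+++ openssl-1.0.1/doc/ssl/SSL_shutdown.pod.new Tue May 26 11:43:56 2015
@@ -60,9 +60,7 @@
 
 It is therefore recommended, to check the return value of SSL_shutdown()
 and call SSL_shutdown() again, if the bidirectional shutdown is not yet
-complete (return value of the first call is 0). As the shutdown is not
-specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
-the first call.
+complete (return value of the first call is 0).
 
 The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
 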
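--- openssl-1.0.1/doc/ssl/ssl.pod Tue Mar 1 05:40:03 2016
+++ openssl-1.0.1/doc/ssl/ssl.pod.new Tue Mar 1 15:42:46 2016
@@ -9,7 +9,7 @@
 
 =head1 DESCRIPTION
 
-The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v3) and
 Transport Layer Security (TLS v1) protocols. It provides a rich API which is
 documented here.
 
@@ -45,8 +45,8 @@
 =item B<SSL_METHOD> (SSL Method)
 
 That's a dispatch structure describing the internal B<ssl> library
-methods/functions which implement the various protocol versions (SSLv1, SSLv2
-and TLSv1). It's needed to create an B<SSL_CTX>.
+methods/functions which implement the various protocol versions (SSLv3,
+TLSv1, ...). It's needed to create an B<SSL_CTX>.
 
 =item B<SSL_CIPHER> (SSL Cipher)
 
@@ -93,7 +93,7 @@
 
 =item B<ssl2.h>
 
-That's the sub header file dealing with the SSLv2 protocol only.
+That's the sub header file dealing with the deprecated SSLv2 protocol only.
 I<Usually you don't have to include it explicitly because
 it's already included by ssl.h>.
 
@@ -105,8 +105,8 @@
 
 =item B<ssl23.h>
 
-That's the sub header file dealing with the combined use of the SSLv2 and
-SSLv3 protocols.
+That's the sub header file dealing with the combined use of the different
+protocol versions.
 I<Usually you don't have to include it explicitly because
 it's already included by ssl.h>.
 
@@ -201,15 +201,15 @@
 =item const SSL_METHOD *B<SSLv2_method>(void);
 
 Constructor for the SSLv2 SSL_METHOD structure for clients, servers
-or both.
+or both. (deprecated)
 
 =item const SSL_METHOD *B<SSLv2_client_method>(void);
 
-Constructor for the SSLv2 SSL_METHOD structure for clients.
+Constructor for the SSLv2 SSL_METHOD structure for clients. (deprecated)
 
 =item const SSL_METHOD *B<SSLv2_server_method>(void);
 
-Constructor for the SSLv2 SSL_METHOD structure for servers.
+Constructor for the SSLv2 SSL_METHOD structure for servers. (deprecated)
 
 =back
 
@@ -234,12 +234,12 @@
 =item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
 
 Return the internal name of I<cipher> as a string. These are the various
-strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+strings defined by the I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
 definitions in the header files.
 
 =item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
 
-Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+Returns a string like "C<TLSv1/SSLv3>" which indicates the
 SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
 in the specification the first time).
 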
--- openssl-1.0.1/doc/apps/ciphers.pod Tue Mar 1 05:40:03 2016 |
324 |
+++ openssl-1.0.1/doc/apps/ciphers.pod.new Tue Mar 1 15:28:28 2016 |
325 |
@@ -9,7 +9,6 @@ |
326 |
B<openssl> B<ciphers> |
327 |
[B<-v>] |
328 |
[B<-V>] |
329 |
-[B<-ssl2>] |
330 |
[B<-ssl3>] |
331 |
[B<-tls1>] |
332 |
[B<cipherlist>] |
333 |
@@ -27,12 +26,9 @@ |
334 |
=item B<-v> |
335 |
|
336 |
Verbose option. List ciphers with a complete description of |
337 |
-protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, |
338 |
+protocol version, key exchange, |
339 |
authentication, encryption and mac algorithms used along with any key size |
340 |
restrictions and whether the algorithm is classed as an "export" cipher. |
341 |
-Note that without the B<-v> option, ciphers may seem to appear twice |
342 |
-in a cipher list; this is when similar ciphers are available for |
343 |
-SSL v2 and for SSL v3/TLS v1. |
344 |
|
345 |
=item B<-V> |
346 |
|
347 |
@@ -42,10 +38,6 @@ |
348 |
|
349 |
This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. |
350 |
|
351 |
-=item B<-ssl2> |
352 |
- |
353 |
-Only include SSLv2 ciphers. |
354 |
- |
355 |
=item B<-h>, B<-?> |
356 |
|
357 |
Print a brief usage message. |
358 |
@@ -255,9 +247,9 @@ |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
359 |
ciphers suites using FORTEZZA key exchange, authentication, encryption or all |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
360 |
FORTEZZA algorithms. Not implemented. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
361 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
362 |
-=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2> |
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
363 |
+=item B<TLSv1.2>, B<TLSv1>, B<SSLv3> |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
364 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
365 |
-TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note: |
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
366 |
+TLS v1.2, TLS v1.0, or SSL v3.0 cipher suites respectively. Note: |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
367 |
there are no ciphersuites specific to TLS v1.1. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
368 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
369 |
=item B<AES128>, B<AES256>, B<AES> |
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
370 |
@@ -578,16 +570,6 @@ |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
371 |
TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
372 |
TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
373 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
374 |
-=head2 Deprecated SSL v2.0 cipher suites. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
375 |
- |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
376 |
- SSL_CK_RC4_128_WITH_MD5 RC4-MD5 |
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
377 |
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. |
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
378 |
- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5 |
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
379 |
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
380 |
- SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 |
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
381 |
- SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. |
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
382 |
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
383 |
- |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
384 |
=head1 NOTES |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
385 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
386 |
The non-ephemeral DH modes are currently unimplemented in OpenSSL |
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
387 |
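--- a/openssl-1.0.1/doc/apps/s_client.pod
+++ b/openssl-1.0.1/doc/apps/s_client.pod
@@ -32,10 +32,8 @@
 [B<-ign_eof>]
 [B<-no_ign_eof>]
 [B<-quiet>]
-[B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]
-[B<-no_ssl2>]
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-bugs>]
@@ -197,7 +195,7 @@
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 By default the initial handshake uses a I<version-flexible> method which will
@@ -215,10 +213,6 @@
 supported cipher in the list sent by the client. See the B<ciphers>
 command for more information.
 
-=item B<-serverpref>
-
-use the server's cipher preferences; only used for SSLV2.
-
 =item B<-starttls protocol>
 
 send the protocol-specific message(s) to switch to TLS for communication.
@@ -295,8 +289,8 @@
 then an HTTP command can be given such as "GET /" to retrieve a web page.
 
 If the handshake fails then there are several possible causes, if it is
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
+nothing obvious like no client certificate then the B<-bugs>,
+B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried
 in case it is a buggy server. In particular you should play with these
 options B<before> submitting a bug report to an OpenSSL mailing list.
 
@@ -318,10 +312,6 @@
 If there are problems verifying a server certificate then the
 B<-showcerts> option can be used to show the whole chain.
 
-Since the SSLv23 client hello cannot include compression methods or extensions
-these will only be supported if its use is disabled, for example by using the
-B<-no_sslv2> option.
-
 The B<s_client> utility is a test tool and is designed to continue the
 handshake after any certificate verification errors. As a result it will
 accept any certificate chain (trusted or not) sent by the peer. None test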
5557
0c86123e6de4
22852190 Upgrade OpenSSL version to 1.0.1s
Ronald Jordan <ron.jordan@oracle.com>
parents:
4589
diff
changeset
|
442 |
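--- a/openssl-1.0.1/doc/apps/s_server.pod
+++ b/openssl-1.0.1/doc/apps/s_server.pod
@@ -39,10 +39,8 @@
 [B<-serverpref>]
 [B<-quiet>]
 [B<-no_tmp_rsa>]
-[B<-ssl2>]
 [B<-ssl3>]
 [B<-tls1>]
-[B<-no_ssl2>]
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-no_dhe>]
@@ -221,7 +219,7 @@
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 By default the initial handshake uses a I<version-flexible> method which will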
4414
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
464 |
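--- a/openssl-1.0.1/doc/apps/s_time.pod
+++ b/openssl-1.0.1/doc/apps/s_time.pod
@@ -19,7 +19,6 @@
 [B<-verify depth>]
 [B<-nbio>]
 [B<-time seconds>]
-[B<-ssl2>]
 [B<-ssl3>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
@@ -92,18 +90,17 @@
 
 turns on non-blocking I/O.
 
-=item B<-ssl2>, B<-ssl3>
+=item B<-ssl3>
 
 these options disable the use of certain SSL or TLS protocols. By default
 the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+servers and permit them to use SSL v3 or TLS as appropriate.
 The timing program is not as rich in options to turn protocols on and off as
 the L<s_client(1)|s_client(1)> program and may not connect to all servers.
 
 Unfortunately there are a lot of ancient and broken servers in use which
 cannot handle this technique and will fail to connect. Some servers only
-work if TLS is turned off with the B<-ssl3> option; others
-will only support SSL v2 and may need the B<-ssl2> option.
+work if TLS is turned off with the B<-ssl3> option.
 
 =item B<-bugs>
 
@@ -137,7 +122,7 @@
 for details.
 
 If the handshake fails then there are several possible causes, if it is
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+nothing obvious like no client certificate then the B<-bugs>,
 B<-ssl3> options can be tried
 in case it is a buggy server. In particular you should play with these
 options B<before> submitting a bug report to an OpenSSL mailing list.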
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
505 |
--- openssl-1.0.1/doc/apps/sess_id.pod Thu Jan 15 06:43:49 2015 |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
506 |
+++ openssl-1.0.1/doc/apps/sess_id.pod.new Tue May 26 12:21:07 2015 |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
507 |
@@ -91,7 +91,7 @@ |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
508 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
509 |
=item B<Protocol> |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
510 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
511 |
-this is the protocol in use TLSv1, SSLv3 or SSLv2. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
512 |
+this is the protocol in use TLSv1.2, TLSv1.1, TLSv1 or SSLv3. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
513 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
514 |
=item B<Cipher> |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
515 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
516 |
@@ -110,10 +110,6 @@ |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
517 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
518 |
this is the SSL session master key. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
519 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
520 |
-=item B<Key-Arg> |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
521 |
- |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
522 |
-the key argument, this is only used in SSL v2. |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
523 |
- |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
524 |
=item B<Start Time> |
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
525 |
|
bcb5766d82d0
PSARC/2015/249 EOL of OpenSSL SSLv2/v3 support
jenny.yung@oracle.com <jenny.yung@oracle.com>
parents:
diff
changeset
|
526 |
this is the session start time represented as an integer in standard Unix format. |