1796  * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
1815    the handshake when using this ciphersuite.
1818    cannot decrypt data that has been encrypted using this ciphersuite - they can
1822    the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in
1824    ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been
1825    negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the
1834    3) The ciphersuite must have been explicitly added to the ciphersuite list
1840    6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any
4211  * Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite
4214    In order to avoid issues where legacy TLSv1.2 ciphersuite configuration
4667    During key agreement in a TLS handshake using a DH(E) based ciphersuite a
4881    this can cause OpenSSL to crash (dependent on ciphersuite). Both clients
5739    in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also
6269    This parameter will be set to 1 or 0 depending on the ciphersuite selected
6452    During key agreement in a TLS handshake using a DH(E) based ciphersuite a
7125    reusing the private DH exponent or it's using a static DH ciphersuite.
7443    ciphersuite being selected and a zero length ClientKeyExchange message
7457    - A ciphersuite is used that does not require additional random data from
7722  * New function ssl_set_client_disabled to set a ciphersuite disabled
7724    hello and checking the requested ciphersuite.
7879  * Support for fixed DH ciphersuite client authentication: where both
8812    ciphersuite and sending carefully crafted handshake messages.
8855    dereference (read) by specifying an SRP ciphersuite even though it was not
9026  * Call OCSP Stapling callback after ciphersuite has been chosen, so
9807    ciphersuite and sending carefully crafted handshake messages.
9964  * Call OCSP Stapling callback after ciphersuite has been chosen, so
10149    and servers: an attacker can use it in a ciphersuite downgrade attack.
10597    ciphersuite support.
10623    the work each time a ciphersuite string requests enabling
10655  * Split the SSL/TLS algorithm mask (as used for ciphersuite string
10672    With the change, we also introduce new ciphersuite aliases that
10807    The temporary ciphersuite alias "ECCdraft" is no longer
11092  * New option -V for 'openssl ciphers'. This prints the ciphersuite code
11846    different requirements, clients could circumvent ciphersuite
11853    a ciphersuite string such as "DEFAULT:RSA" cannot enable
11922  * Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
11926    have a single AES bit in the ciphersuite description bitmap.
11927    That change, however, also applied to ciphersuite strings such as
11933    ciphersuite selects this one ciphersuite, and any other similar
11934    ciphersuite (same bitmap) from *other* protocol versions.
11936    ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
12773    the "ECCdraft" ciphersuite group alias can be used to select them.
13035    a ciphersuite string such as "DEFAULT:RSA" cannot enable
13095  * Change ciphersuite string processing so that an explicit
13096    ciphersuite selects this one ciphersuite (so that "AES256-SHA"
13098    ciphersuite (same bitmap) from *other* protocol versions (so that
13099    "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
13100    SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
15012    not enabled by default and were not part of the "ALL" ciphersuite
15014    explicitly requested by specifying the "AESdraft" ciphersuite

Last Index update Mon Nov 25 16:03:21 UTC 2024

Dedicated to & Maintained by Room-11