I've noticed that the new TLSv1 ciphers are not identified correctly by
SSL_CIPHER_description() and this way they are also identified as "SSLv3"
ciphers at the "openssl ciphers" command. The reason is because SSL_TLSV1 is
currently defined to just the value of SSL_SSLV3. Because we've no more bits
free without shifting others in the bitmasks, I've created patch similar to
what Ben did for the export bits. Until now the SSL_SSLV3 and SSL_TLSV1 is
checked in SSL_CIPHER_description only, so the patch is minimal. But should be
done better now than later. Votes?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: ssl_ciph.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v
retrieving revision 1.5
diff -u -r1.5 ssl_ciph.c
--- ssl_ciph.c 1999/02/22 01:26:38 1.5
+++ ssl_ciph.c 1999/02/23 10:10:57
@@ -630,10 +630,12 @@
kl=SSL_EXPORT_KEYLENGTH(alg);
exp=is_export?" export":"";
- if (alg & SSL_SSLV2)
+ if (SSL_IS_SSLV2(alg))
ver="SSLv2";
- else if (alg & SSL_SSLV3)
+ else if (SSL_IS_SSLV3(alg))
ver="SSLv3";
+ else if (SSL_IS_TLSV1(alg))
+ ver="TLSv1";
else
ver="unknown";
Index: ssl_locl.h
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_locl.h,v
retrieving revision 1.7
diff -u -r1.7 ssl_locl.h
--- ssl_locl.h 1999/02/21 21:58:59 1.7
+++ ssl_locl.h 1999/02/23 10:14:21
@@ -209,7 +209,10 @@
#define SSL_SSL_MASK 0x00c00000L
#define SSL_SSLV2 0x00400000L
#define SSL_SSLV3 0x00800000L
-#define SSL_TLSV1 SSL_SSLV3 /* for now */
+#define SSL_TLSV1 0x00c00000L
+#define SSL_IS_SSLV2(a) (((a)&SSL_SSL_MASK) == SSL_SSLV2)
+#define SSL_IS_SSLV3(a) (((a)&SSL_SSL_MASK) == SSL_SSLV3)
+#define SSL_IS_TLSV1(a) (((a)&SSL_SSL_MASK) == SSL_TLSV1)
#define SSL_STRONG_MASK 0x07000000L
#define SSL_LOW 0x01000000L
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
