In article <[EMAIL PROTECTED]> you wrote:
> Ralf S. Engelschall wrote:
>>
>> I've noticed that the new TLSv1 ciphers are not identified correctly by
>> SSL_CIPHER_description() and this way they are also identified as "SSLv3"
>> ciphers at the "openssl ciphers" command. The reason is because SSL_TLSV1 is
>> currently defined to just the value of SSL_SSLV3. Because we've no more bits
>> free without shifting others in the bitmasks, I've created patch similar to
>> what Ben did for the export bits. Until now the SSL_SSLV3 and SSL_TLSV1 is
>> checked in SSL_CIPHER_description only, so the patch is minimal. But should be
>> done better now than later. Votes?
> Hmm. This may fix the descriptions, but will still allow them in SSLv3
> sessions (which was why I didn't bother to fix the descriptions). Making
> them TLSv1 only is considerably more painful.
Yes I know. But should that mean that we also not care about the description
until we make them really TLSv1 only? I think we should now at least fix the
description and then add more code to make them TLSv1 only, shouldn't we?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
