Ralf S. Engelschall wrote:
>
> In article <[EMAIL PROTECTED]> you wrote:
> > Ralf S. Engelschall wrote:
> >>
> >> I've noticed that the new TLSv1 ciphers are not identified correctly by
> >> SSL_CIPHER_description() and this way they are also identified as "SSLv3"
> >> ciphers at the "openssl ciphers" command. The reason is because SSL_TLSV1 is
> >> currently defined to just the value of SSL_SSLV3. Because we've no more bits
> >> free without shifting others in the bitmasks, I've created patch similar to
> >> what Ben did for the export bits. Until now the SSL_SSLV3 and SSL_TLSV1 is
> >> checked in SSL_CIPHER_description only, so the patch is minimal. But should be
> >> done better now than later. Votes?
>
> > Hmm. This may fix the descriptions, but will still allow them in SSLv3
> > sessions (which was why I didn't bother to fix the descriptions). Making
> > them TLSv1 only is considerably more painful.
>
> Yes I know. But should that mean that we also not care about the description
> until we make them really TLSv1 only? I think we should now at least fix the
> description and then add more code to make them TLSv1 only, shouldn't we?
I don't mind either way, I was just pointing out that it was purely
cosmetic, and to make what it implies true is considerable effort. The
point being that they will work with an SSLv3 session, so saying they
are TLSv1 is misleading.
They aren't officially TLS cipherspecs anyway, yet, so we may have to
get rid of them...
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
