Ralf S. Engelschall wrote:
>
> I've noticed that the new TLSv1 ciphers are not identified correctly by
> SSL_CIPHER_description() and this way they are also identified as "SSLv3"
> ciphers at the "openssl ciphers" command. The reason is because SSL_TLSV1 is
> currently defined to just the value of SSL_SSLV3. Because we've no more bits
> free without shifting others in the bitmasks, I've created patch similar to
> what Ben did for the export bits. Until now the SSL_SSLV3 and SSL_TLSV1 is
> checked in SSL_CIPHER_description only, so the patch is minimal. But should be
> done better now than later. Votes?
Hmm. This may fix the descriptions, but will still allow them in SSLv3
sessions (which was why I didn't bother to fix the descriptions). Making
them TLSv1 only is considerably more painful.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
