kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3cfeb9522b
boringssl/crypto/err
History
David Benjamin 3cfeb9522b Disable SSLv3 by default. 
As a precursor to removing the code entirely later, disable the protocol
by default. Callers must use SSL_CTX_set_min_version to enable it.

This change also makes SSLv3_method *not* enable SSL 3.0. Normally
version-specific methods set the minimum and maximum version to their
version. SSLv3_method leaves the minimum at the default, so we will
treat it as all versions disabled. To help debugging, the error code is
switched from WRONG_SSL_VERSION to a new NO_SUPPORTED_VERSIONS_ENABLED.

This also defines OPENSSL_NO_SSL3 and OPENSSL_NO_SSL3_METHOD to kick in
any no-ssl3 build paths in consumers which should provide a convenient
hook for any upstreaming changes that may be needed. (OPENSSL_NO_SSL3
existed in older versions of OpenSSL, so in principle one may encounter
an OpenSSL with the same settings.)

Change-Id: I96a8f2f568eb77b2537b3a774b2f7108bd67dd0c
Reviewed-on: https://boringssl-review.googlesource.com/14031
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-11 16:38:16 +00:00
..
asn1.errordata Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
bio.errordata
bn.errordata
cipher.errordata
CMakeLists.txt Convert err_test to GTest. 2017-02-10 17:38:22 +00:00
conf.errordata Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
dh.errordata Reimplement PKCS #3 DH parameter parsing with crypto/bytestring. 2016-05-09 19:36:41 +00:00
digest.errordata Decouple PKCS#12 hash lookup from the OID table. 2017-03-25 21:22:50 +00:00
dsa.errordata Reimplement DSA parsing logic with crypto/asn1. 2016-02-17 00:26:01 +00:00
ec.errordata Always use Fermat's Little Theorem in ecdsa_sign_setup. 2016-06-20 17:11:42 +00:00
ecdh.errordata
ecdsa.errordata
engine.errordata
err_data_generate.go Make err_data_generator.go silent by default. 2016-04-18 19:42:15 +00:00
err_test.cc Convert err_test to GTest. 2017-02-10 17:38:22 +00:00
err.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
evp.errordata Support EVP_PKEY_{sign,verify}_message with Ed25519. 2017-04-05 23:05:14 +00:00
hkdf.errordata
obj.errordata
pem.errordata
pkcs8.errordata Update pkcs8 error data. 2017-03-23 15:07:28 +00:00
rsa.errordata Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
ssl.errordata Disable SSLv3 by default. 2017-04-11 16:38:16 +00:00
x509.errordata Teach crypto/x509 how to verify an Ed25519 signature. 2017-04-05 23:35:30 +00:00
x509v3.errordata