From: Bodo Möller <bodo@openssl.org>
Date: Wed, 21 Mar 2007 14:18:27 +0000 (+0000)
Subject: oops -- this should have been in 0.9.8e
X-Git-Tag: FIPS_098_TEST_1~55^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d9e262443cc1cdc87d35ff860bbd13dd0eabc23e;p=openssl

oops -- this should have been in 0.9.8e
---

diff --git a/CHANGES b/CHANGES
index 7d1194fe6e..92e6e3885a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,15 +4,13 @@
 
  Changes between 0.9.8e and 0.9.8f  [xx XXX xxxx]
 
-  *)
-
- Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
-
   *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
      a ciphersuite string such as "DEFAULT:RSA" cannot enable
      authentication-only ciphersuites.
      [Bodo Moeller]
 
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
   *) Since AES128 and AES256 (and similarly Camellia128 and
      Camellia256) share a single mask bit in the logic of
      ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2e067e7a78..b56b1c53a1 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -317,9 +317,9 @@ extern "C" {
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
 #ifdef OPENSSL_NO_CAMELLIA
-# define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+# define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 #else
-# define SSL_DEFAULT_CIPHER_LIST	"AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+# define SSL_DEFAULT_CIPHER_LIST	"AES:CAMELLIA:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
 #endif
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */