From 7963ddeb44b56e5fed734c39e726afc32d9cdb15 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Dec 2013 13:18:30 -0500 Subject: [PATCH] Allow "ECDHE" as a synonym of "EECDH" when specifiying ciphers The standard terminology in https://tools.ietf.org/html/rfc4492 is ECDHE. "openssl ciphers" outputs ECDHE. But users of the library currently cannot specify ECDHE, they must specify EECDH. This change allows users to specify the common term in cipher suite strings without breaking backward compatibility. --- ssl/ssl.h | 6 ++++-- ssl/ssl_ciph.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index 2eccca29e0..1c8309eef7 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -249,7 +249,8 @@ extern "C" { #define SSL_TXT_kECDHr "kECDHr" #define SSL_TXT_kECDHe "kECDHe" #define SSL_TXT_kECDH "kECDH" -#define SSL_TXT_kEECDH "kEECDH" +#define SSL_TXT_kEECDH "kEECDH" /* alias for kECDHE */ +#define SSL_TXT_kECDHE "kECDHE" #define SSL_TXT_kPSK "kPSK" #define SSL_TXT_kGOST "kGOST" #define SSL_TXT_kSRP "kSRP" @@ -271,7 +272,8 @@ extern "C" { #define SSL_TXT_ADH "ADH" #define SSL_TXT_RSA "RSA" #define SSL_TXT_ECDH "ECDH" -#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */ +#define SSL_TXT_EECDH "EECDH" /* alias for ECDHE" */ +#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */ #define SSL_TXT_AECDH "AECDH" #define SSL_TXT_ECDSA "ECDSA" #define SSL_TXT_KRB5 "KRB5" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a5c417a9ed..b285a612c6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -250,6 +250,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, + {0,SSL_TXT_kECDHE,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, @@ -274,6 +275,7 @@ static const SSL_CIPHER cipher_aliases[]={ /* aliases combining key exchange and server authentication */ {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, + {0,SSL_TXT_ECDHE,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, -- 2.40.0