mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Drop support for RC4 TLS ciphersuites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
@ -102,7 +102,6 @@ int main( void )
|
||||
#define DFL_EXCHANGES 1
|
||||
#define DFL_MIN_VERSION -1
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_ARC4 -1
|
||||
#define DFL_SHA1 -1
|
||||
#define DFL_CID_ENABLED 0
|
||||
#define DFL_CID_VALUE ""
|
||||
@ -500,7 +499,6 @@ int main( void )
|
||||
#define USAGE4 \
|
||||
USAGE_SSL_ASYNC \
|
||||
USAGE_SNI \
|
||||
" arc4=%%d default: (library default: 0)\n" \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
" max_version=%%s default: (library default: tls1_2)\n" \
|
||||
@ -580,7 +578,6 @@ struct options
|
||||
int exchanges; /* number of data exchanges */
|
||||
int min_version; /* minimum protocol version accepted */
|
||||
int max_version; /* maximum protocol version accepted */
|
||||
int arc4; /* flag for arc4 suites support */
|
||||
int allow_sha1; /* flag for SHA-1 support */
|
||||
int auth_mode; /* verify mode for connection */
|
||||
int cert_req_ca_list; /* should we send the CA list? */
|
||||
@ -1491,7 +1488,6 @@ int main( int argc, char *argv[] )
|
||||
opt.exchanges = DFL_EXCHANGES;
|
||||
opt.min_version = DFL_MIN_VERSION;
|
||||
opt.max_version = DFL_MAX_VERSION;
|
||||
opt.arc4 = DFL_ARC4;
|
||||
opt.allow_sha1 = DFL_SHA1;
|
||||
opt.auth_mode = DFL_AUTH_MODE;
|
||||
opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
|
||||
@ -1748,15 +1744,6 @@ int main( int argc, char *argv[] )
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "arc4" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
{
|
||||
case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
|
||||
case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "allow_sha1" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
@ -2079,19 +2066,6 @@ int main( int argc, char *argv[] )
|
||||
opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||
}
|
||||
|
||||
/* Enable RC4 if needed and not explicitly disabled */
|
||||
if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
{
|
||||
if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
|
||||
{
|
||||
mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
|
||||
ret = 2;
|
||||
goto usage;
|
||||
}
|
||||
|
||||
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
|
||||
{
|
||||
@ -2775,11 +2749,6 @@ int main( int argc, char *argv[] )
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
|
||||
#endif
|
||||
|
||||
if( opt.version_suites != NULL )
|
||||
{
|
||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
|
||||
|
Reference in New Issue
Block a user