- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!

2025-08-08 17:42:09 +03:00 · 2012-02-06 16:45:10 +00:00
parent 13eb9f01cf
commit fab5c829e7
16 changed files with 556 additions and 41 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -144,6 +144,9 @@ int main( int argc, char *argv[] )
    if( argc == 0 )
    {
    usage:
+        if( ret == 0 )
+            ret = 1;
+
        printf( USAGE );

        list = ssl_list_ciphersuites();
@@ -153,7 +156,6 @@ int main( int argc, char *argv[] )
            list++;
        }
        printf("\n");
-        ret = 1;
        goto exit;
    }

@@ -210,8 +212,10 @@ int main( int argc, char *argv[] )
            opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );

            if( opt.force_ciphersuite[0] <= 0 )
+            {
+                ret = 2;
                goto usage;
-
+            }
            opt.force_ciphersuite[1] = 0;
        }
        else
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -84,6 +84,15 @@ int my_ciphersuites[] =
    SSL_RSA_DES_168_SHA,
    SSL_RSA_RC4_128_SHA,
    SSL_RSA_RC4_128_MD5,
+#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
+    SSL_EDH_RSA_DES_SHA,
+    SSL_RSA_DES_SHA,
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+    SSL_RSA_NULL_MD5,
+    SSL_RSA_NULL_SHA,
+    SSL_RSA_NULL_SHA256,
+#endif
+#endif
    0
 };

@@ -206,6 +215,8 @@ int main( int argc, char *argv[] )
    ((void) argc);
    ((void) argv);

+    memset( &ssl, 0, sizeof( ssl_context ) );
+
    /*
     * 1. Load the certificates and private RSA key
     */
@@ -448,7 +459,6 @@ reset:
    len = ret;
    printf( " %d bytes written\n\n%s\n", len, (char *) buf );
    
-    ssl_close_notify( &ssl );
    ret = 0;
    goto reset;