We degrade all 64 bit block ciphers and RC4 to 112 bits.
diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
--- openssl-1.0.1e/ssl/s2_lib.c.3des-strength 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s2_lib.c 2016-09-21 11:37:22.729563320 +0200
@@ -152,7 +152,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
- 128,
+ 112,
128,
},
@@ -184,7 +184,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
- 128,
+ 112,
128,
},
@@ -217,7 +217,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
- 128,
+ 112,
128,
},
#endif
@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
SSL_SSLV2,
SSL_NOT_EXP|SSL_HIGH,
0,
- 168,
+ 112,
168,
},
diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c
--- openssl-1.0.1e/ssl/s3_lib.c.3des-strength 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s3_lib.c 2016-09-21 11:43:27.108247849 +0200
@@ -230,7 +230,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -246,7 +246,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -279,7 +279,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
#endif
@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -554,7 +554,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -703,7 +703,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -719,7 +719,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -767,7 +767,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -783,7 +783,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -1380,7 +1380,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
#endif
@@ -1669,7 +1669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2046,7 +2046,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2126,7 +2126,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2206,7 +2206,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2286,7 +2286,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2366,7 +2366,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
+ 112,
128,
},
@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2432,7 +2432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},