[rpms/openssl] rebase_40beta: make 3des strength to be 128 bits instead of 168 (#1056616)

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: make 3des strength to be 128 bits instead of 168 (#1056616)
Date: Tue, 09 Jun 2026 12:43:13 GMT	[thread overview]
Message-ID: <178100899343.1.12670163579203814201.rpms-openssl-40825564d874@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : 40825564d874ebf07f1a98b0237d4586c6543e69
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2014-01-22T17:57:22+01:00
Stats  : +177/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/40825564d874ebf07f1a98b0237d4586c6543e69?branch=rebase_40beta

Log:
make 3des strength to be 128 bits instead of 168 (#1056616)

---
diff --git a/openssl-1.0.1e-3des-strength.patch b/openssl-1.0.1e-3des-strength.patch
new file mode 100644
index 0000000..7375b47
--- /dev/null
+++ b/openssl-1.0.1e-3des-strength.patch
@@ -0,0 +1,171 @@
+Although the real strength is rather 112 bits we use 128 here as
+we do not want to sort it behind more obscure ciphers.
+AES-128 is preferred anyway.
+diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
+--- openssl-1.0.1e/ssl/s2_lib.c.3des-strength	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s2_lib.c	2014-01-22 16:32:45.791700322 +0100
+@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ 	SSL_SSLV2,
+ 	SSL_NOT_EXP|SSL_HIGH,
+ 	0,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c
+--- openssl-1.0.1e/ssl/s3_lib.c.3des-strength	2014-01-17 11:41:11.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_lib.c	2014-01-22 16:31:14.713666777 +0100
+@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_SSLV3,
+ 	SSL_NOT_EXP|SSL_HIGH,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2432,7 +2432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 
+@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 	SSL_TLSV1,
+ 	SSL_NOT_EXP|SSL_HIGH,
+ 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+-	168,
++	128,
+ 	168,
+ 	},
+ 

diff --git a/openssl.spec b/openssl.spec
index 5d294ef..6b085e9 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 37%{?dist}
+Release: 38%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -78,6 +78,7 @@ Patch74: openssl-1.0.1e-no-md5-verify.patch
 Patch75: openssl-1.0.1e-compat-symbols.patch
 Patch76: openssl-1.0.1e-new-fips-reqs.patch
 Patch77: openssl-1.0.1e-weak-ciphers.patch
+Patch78: openssl-1.0.1e-3des-strength.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.1-beta2-padlock64.patch
 Patch82: openssl-1.0.1e-backports.patch
@@ -199,6 +200,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch75 -p1 -b .compat
 %patch76 -p1 -b .fips-reqs
 %patch77 -p1 -b .weak-ciphers
+%patch78 -p1 -b .3des-strength
 
 %patch81 -p1 -b .padlock64
 %patch82 -p1 -b .backports
@@ -472,6 +474,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed Jan 22 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-38
+- make 3des strength to be 128 bits instead of 168 (#1056616)
+
 * Tue Jan  7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-37
 - fix CVE-2013-4353 - Invalid TLS handshake crash
 - fix CVE-2013-6450 - possible MiTM attack on DTLS1

                 reply	other threads:[~2026-06-09 12:43 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100899343.1.12670163579203814201.rpms-openssl-40825564d874@fedoraproject.org \
    --to=tmraz@fedoraproject.org \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox