- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 10fe65f..4b84d51 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -144,6 +144,9 @@
if( argc == 0 )
{
usage:
+ if( ret == 0 )
+ ret = 1;
+
printf( USAGE );
list = ssl_list_ciphersuites();
@@ -153,7 +156,6 @@
list++;
}
printf("\n");
- ret = 1;
goto exit;
}
@@ -210,8 +212,10 @@
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
if( opt.force_ciphersuite[0] <= 0 )
+ {
+ ret = 2;
goto usage;
-
+ }
opt.force_ciphersuite[1] = 0;
}
else
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 5ee2f63..f3ad42f 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -84,6 +84,15 @@
SSL_RSA_DES_168_SHA,
SSL_RSA_RC4_128_SHA,
SSL_RSA_RC4_128_MD5,
+#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
+ SSL_EDH_RSA_DES_SHA,
+ SSL_RSA_DES_SHA,
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+ SSL_RSA_NULL_MD5,
+ SSL_RSA_NULL_SHA,
+ SSL_RSA_NULL_SHA256,
+#endif
+#endif
0
};
@@ -206,6 +215,8 @@
((void) argc);
((void) argv);
+ memset( &ssl, 0, sizeof( ssl_context ) );
+
/*
* 1. Load the certificates and private RSA key
*/
@@ -448,7 +459,6 @@
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
- ssl_close_notify( &ssl );
ret = 0;
goto reset;