generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make TLS 1.2 ciphers work again.

Browse Source 
Since s->method does not reflect the final client version when a client
hello is sent for SSLv23_client_method it can't be relied on to indicate
if TLS 1.2 ciphers should be used. So use the client version instead.
This commit is contained in:
Dr. Stephen Henson
2013-04-04 18:19:18 +01:00
parent 99cda4376e
commit 1e2d4cb0e1
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/t1_lib.c
View File

@@ -1010,7 +1010,7 @@ void ssl_set_client_disabled(SSL *s)
c->mask_a = 0;
c->mask_k = 0;
/* Don't allow TLS 1.2 only ciphers if we don't suppport them */
if (!SSL_USE_TLS1_2_CIPHERS(s))
if (!SSL_CLIENT_USE_TLS1_2_CIPHERS(s))
c->mask_ssl = SSL_TLSV1_2;
else
c->mask_ssl = 0;