generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't advertise ECC ciphersuits in SSLv2 compatible client hello.

Browse Source 
PR#3374
(cherry picked from commit 0436369fcc)
This commit is contained in:
Tomas Mraz
2014-06-27 16:49:22 +01:00
committed by Dr. Stephen Henson
parent 121f386ec7
commit 1fcfd61ee7
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ssl/s23_lib.c
View File

@@ -112,6 +112,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
long l; long l;
/* We can write SSLv2 and SSLv3 ciphers */ /* We can write SSLv2 and SSLv3 ciphers */
/* but no ECC ciphers */
if (c->algorithm_mkey == SSL_kECDHr ||
c->algorithm_mkey == SSL_kECDHe ||
c->algorithm_mkey == SSL_kEECDH ||
c->algorithm_auth == SSL_aECDH ||
c->algorithm_auth == SSL_aECDSA)
return 0;
if (p != NULL) if (p != NULL)
{ {
l=c->id; l=c->id;