Don't alow TLS v1.0 ciphersuites for SSLv3

This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-13 14:37:24 +00:00
parent 5e3d21fef1
commit 2b573382f8
5 changed files with 13 additions and 2 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4841,6 +4841,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        /* Skip TLS v1.2 only ciphersuites if not supported */
        if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
            continue;
+        /* Skip TLS v1.0 ciphersuites if SSLv3 */
+        if ((c->algorithm_ssl & SSL_TLSV1) && s->version == SSL3_VERSION)
+            continue;

        ssl_set_masks(s, c);
        mask_k = s->s3->tmp.mask_k;