Don't alow TLS v1.0 ciphersuites for SSLv3

This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-13 14:37:24 +00:00
parent 5e3d21fef1
commit 2b573382f8
5 changed files with 13 additions and 2 deletions
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1621,6 +1621,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)

    if (alg_ssl & SSL_SSLV3)
        ver = "SSLv3";
+    else if (alg_ssl & SSL_TLSV1)
+        ver = "TLSv1.0";
    else if (alg_ssl & SSL_TLSV1_2)
        ver = "TLSv1.2";
    else