generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable ECDHE in DTLS in a cleaner way.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-05-16 11:16:15 +00:00
parent f99c9daa39
commit 661d35dfb2
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/d1_lib.c
View File

@ -203,6 +203,9 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
{ {
if (ciph->algorithm_enc == SSL_RC4) if (ciph->algorithm_enc == SSL_RC4)
return NULL; return NULL;
/* We currently don't support ECDH either */
if (ciph->algorithm_mkey & SSL_kEECDH)
return NULL;
} }
return ciph; return ciph;

3
ssl/ssl_lib.c
View File

@ -1343,9 +1343,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
s->psk_client_callback == NULL) s->psk_client_callback == NULL)
continue; continue;
#endif /* OPENSSL_NO_PSK */ #endif /* OPENSSL_NO_PSK */
/* DTLS doesn't currently support ECDHE */
if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
continue;
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
p+=j; p+=j;
} }