Use SHA256 for ticket HMAC if possible.

ssl/s3_srvr.c

@@ -2792,7 +2792,7 @@ int ssl3_send_newsession_ticket(SSL *s)
 
 		HMAC_CTX_init(&hctx);
 		HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-				EVP_sha1(), NULL);
+				tlsext_tick_md(), NULL);
 		HMAC_Update(&hctx, macstart, p - macstart);
 		HMAC_Final(&hctx, p, &hlen);
 		HMAC_CTX_cleanup(&hctx);

ssl/ssl_locl.h

@@ -987,6 +987,11 @@ int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
+#ifdef OPENSSL_NO_SHA256
+#define tlsext_tick_md	EVP_sha1
+#else
+#define tlsext_tick_md	EVP_sha256
+#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 				const unsigned char *limit, SSL_SESSION **ret);
 #endif

ssl/t1_lib.c

@@ -985,7 +985,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	/* Attempt to process session ticket, first conduct sanity and
  	 * integrity checks on ticket.
  	 */
-	mlen = EVP_MD_size(EVP_sha1());
+	mlen = EVP_MD_size(tlsext_tick_md());
 	eticklen -= mlen;
 	/* Need at least keyname + iv + some encrypted data */
 	if (eticklen < 48)
@@ -996,7 +996,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	/* Check HMAC of encrypted ticket */
 	HMAC_CTX_init(&hctx);
 	HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-				EVP_sha1(), NULL);
+				tlsext_tick_md(), NULL);
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);