generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

use client version when eliminating TLS v1.2 ciphersuites in client hello

Browse Source
This commit is contained in:
Dr. Stephen Henson
2011-10-07 15:07:36 +00:00
parent 177f27d71e
commit b08b158b44
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/ssl_lib.c
View File

@@ -1371,7 +1371,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
c=sk_SSL_CIPHER_value(sk,i); c=sk_SSL_CIPHER_value(sk,i);
/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
if ((c->algorithm_ssl & SSL_TLSV1_2) && if ((c->algorithm_ssl & SSL_TLSV1_2) &&
(TLS1_get_version(s) < TLS1_2_VERSION)) (TLS1_get_client_version(s) < TLS1_2_VERSION))
continue; continue;
#ifndef OPENSSL_NO_KRB5 #ifndef OPENSSL_NO_KRB5
if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&

3
ssl/tls1.h
View File

@@ -174,6 +174,9 @@ extern "C" {
#define TLS1_get_version(s) \ #define TLS1_get_version(s) \
((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
#define TLS1_get_client_version(s) \
((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
#define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ #define TLS1_AD_UNKNOWN_CA 48 /* fatal */