generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

New function ssl_set_client_disabled to set masks for any ciphersuites

Browse Source 
that are disabled for this session (as opposed to always disabled by
configuration).
(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
2012-12-26 14:55:46 +00:00
parent a897502cd9
commit b28fbdfa7d
6 changed files with 124 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/s3_clnt.c
View File

@@ -837,6 +837,7 @@ int ssl3_get_server_hello(SSL *s)
{
STACK_OF(SSL_CIPHER) *sk;
const SSL_CIPHER *c;
CERT *ct = s->cert;
unsigned char *p,*d;
int i,al=SSL_AD_INTERNAL_ERROR,ok;
unsigned int j;
@@ -959,9 +960,12 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
goto f_err;
}
/* TLS v1.2 only ciphersuites require v1.2 or later */
if ((c->algorithm_ssl & SSL_TLSV1_2) &&
(TLS1_get_version(s) < TLS1_2_VERSION))
/* If it is a disabled cipher we didn't send it in client hello,
* so return an error.
*/
if (c->algorithm_ssl & ct->mask_ssl ||
c->algorithm_mkey & ct->mask_k ||
c->algorithm_auth & ct->mask_a)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);