Enable TLS 1.2 ciphers in DTLS 1.2.

Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too. (cherry picked from commit 4221c0dd30)
2013-03-27 19:54:48 +00:00
parent 919834dc84
commit b60b9e7afe
7 changed files with 59 additions and 35 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -178,7 +178,8 @@ SSL3_ENC_METHOD TLSv1_2_enc_data={
 	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
 	tls1_alert_code,
 	tls1_export_keying_material,
-	SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF,
+	SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF
+		|SSL_ENC_FLAG_TLS1_2_CIPHERS,
 	SSL3_HM_HEADER_LENGTH,
 	ssl3_set_handshake_header,
 	ssl3_handshake_write
@@ -1018,8 +1019,8 @@ void ssl_set_client_disabled(SSL *s)
 	int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
 	c->mask_a = 0;
 	c->mask_k = 0;
-	/* If less than TLS 1.2 don't allow TLS 1.2 only ciphers */
-	if (TLS1_get_client_version(s) < TLS1_2_VERSION)
+	/* Don't allow TLS 1.2 only ciphers if we don't suppport them */
+	if (!SSL_CLIENT_USE_TLS1_2_CIPHERS(s))
 		c->mask_ssl = SSL_TLSV1_2;
 	else
 		c->mask_ssl = 0;