return error if Suite B mode is selected and TLS 1.2 can't be used.

(backport from HEAD)
Dr. Stephen Henson 2012-12-26 17:39:02 +00:00
parent e3c76874ad
commit b79df62eff
3 changed files with 9 additions and 0 deletions


@ -2261,6 +2261,7 @@ void ERR_load_SSL_strings(void);
/* Function codes. */
#define SSL_F_AUTHZ_FIND_DATA 330
#define SSL_F_AUTHZ_VALIDATE 323
#define SSL_F_CHECK_SUITEB_CIPHER_LIST 331
#define SSL_F_CLIENT_CERTIFICATE 100
#define SSL_F_CLIENT_FINISHED 167
#define SSL_F_CLIENT_HELLO 101


@ -1376,6 +1376,13 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
return 1;
/* Check version */
if (meth->version != TLS1_2_VERSION)
{
SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
return 0;
}
switch(suiteb_flags)
{
case SSL_CERT_FLAG_SUITEB_128_LOS:
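Review bot: The new guard `if (meth->version != TLS1_2_VERSION)` tests only the version field of the configured method, so it does not constrain the protocol version a handshake finally negotiates. If a version-flexible method reports TLS1_2_VERSION in that field (worth confirming against the method tables, which are not visible here), Suite B mode would pass this check while an older version could still be agreed with the peer, unless that is rejected elsewhere. The exact-equality test would presumably also reject any method whose version constant differs for other reasons, so the bare `/* Check version */` comment should state the intent, e.g. `/* Suite B requires TLS 1.2: reject any method that cannot offer it */`. check_suiteb_cipher_list starts and ends outside this hunk, so how callers handle the 0 return cannot be checked from here.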


@ -72,6 +72,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{
{ERR_FUNC(SSL_F_AUTHZ_FIND_DATA), "AUTHZ_FIND_DATA"},
{ERR_FUNC(SSL_F_AUTHZ_VALIDATE), "AUTHZ_VALIDATE"},
{ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "CHECK_SUITEB_CIPHER_LIST"},
{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},