return error if Suite B mode is selected and TLS 1.2 can't be used.

(backport from HEAD)

ssl/ssl.h

@@ -2261,6 +2261,7 @@ void ERR_load_SSL_strings(void);
 /* Function codes. */
 #define SSL_F_AUTHZ_FIND_DATA				 330
 #define SSL_F_AUTHZ_VALIDATE				 323
+#define SSL_F_CHECK_SUITEB_CIPHER_LIST			 331
 #define SSL_F_CLIENT_CERTIFICATE			 100
 #define SSL_F_CLIENT_FINISHED				 167
 #define SSL_F_CLIENT_HELLO				 101

ssl/ssl_ciph.c

@@ -1376,6 +1376,13 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 		return 1;
 	/* Check version */
 
+	if (meth->version != TLS1_2_VERSION)
+		{
+		SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+				SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+		return 0;
+		}
+
 	switch(suiteb_flags)
 		{
 	case SSL_CERT_FLAG_SUITEB_128_LOS:

ssl/ssl_err.c

@@ -72,6 +72,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 	{
 {ERR_FUNC(SSL_F_AUTHZ_FIND_DATA),	"AUTHZ_FIND_DATA"},
 {ERR_FUNC(SSL_F_AUTHZ_VALIDATE),	"AUTHZ_VALIDATE"},
+{ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST),	"CHECK_SUITEB_CIPHER_LIST"},
 {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE),	"CLIENT_CERTIFICATE"},
 {ERR_FUNC(SSL_F_CLIENT_FINISHED),	"CLIENT_FINISHED"},
 {ERR_FUNC(SSL_F_CLIENT_HELLO),	"CLIENT_HELLO"},