generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and

Browse Source 
prohibit use of these ciphersuites for TLS < 1.2
This commit is contained in:
Dr. Stephen Henson
2011-07-25 20:41:32 +00:00
parent 2667162d33
commit d09677ac45
7 changed files with 203 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/ssl_lib.c
View File

@@ -1376,6 +1376,10 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
c=sk_SSL_CIPHER_value(sk,i);
/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
if ((c->algorithm_ssl & SSL_TLSV1_2) &&
(TLS1_get_version(s) < TLS1_2_VERSION))
continue;
#ifndef OPENSSL_NO_KRB5
if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
nokrb5)