diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-07-25 21:45:17 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-07-25 21:45:17 +0000 |
| commit | c8c6e9ecd92a9d02a317999a2d5409b4216f2d50 (patch) | |
| tree | 34f4ccabe659130a46bb36a3c4a78ce8204d1db9 /ssl/ssl_lib.c | |
| parent | 90f3e4cf053ff1a9fcaec0899ffc5428f7cff28e (diff) | |
| download | openssl-new-c8c6e9ecd92a9d02a317999a2d5409b4216f2d50.tar.gz | |
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
prohibit use of these ciphersuites for TLS < 1.2
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2cd78c13cc..65a515753e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1366,6 +1366,10 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { c=sk_SSL_CIPHER_value(sk,i); + /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ + if ((c->algorithm_ssl & SSL_TLSV1_2) && + (TLS1_get_version(s) < TLS1_2_VERSION)) + continue; #ifndef OPENSSL_NO_KRB5 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && nokrb5) |