diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-10-07 15:07:36 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-10-07 15:07:36 +0000 |
| commit | b08b158b44e3bcd5afddf9b1b79362fe4a309821 (patch) | |
| tree | a83d48254e40b8a8bc1ec2fdeb3ac7aa6d5cd40c | |
| parent | 177f27d71ec5d77c4d6bc40015b114c093e3782a (diff) | |
use client version when eliminating TLS v1.2 ciphersuites in client hello
| -rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
| -rw-r--r-- | ssl/tls1.h | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4ebdde2fa3..ee84bb78d8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1371,7 +1371,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, c=sk_SSL_CIPHER_value(sk,i); /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) + (TLS1_get_client_version(s) < TLS1_2_VERSION)) continue; #ifndef OPENSSL_NO_KRB5 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && diff --git a/ssl/tls1.h b/ssl/tls1.h index ef5d5ef357..75ddfcad8d 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -174,6 +174,9 @@ extern "C" { #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) +#define TLS1_get_client_version(s) \ + ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) + #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ |