diff options
| author | Andy Polyakov <appro@openssl.org> | 2007-10-05 21:04:56 +0000 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2007-10-05 21:04:56 +0000 |
| commit | 5d58f1bbfe23fe990293ecd209d1a8336c423a62 (patch) | |
| tree | 37994bd0e95ad37072b3d267108038aa0f7e6500 /ssl/d1_lib.c | |
| parent | fcd1cb666c450c0cd0c459547e7d8277ab009d85 (diff) | |
Prohibit RC4 in DTLS.
Diffstat (limited to 'ssl/d1_lib.c')
| -rw-r--r-- | ssl/d1_lib.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 622d2f7f73..d9486916f2 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -167,3 +167,23 @@ void dtls1_clear(SSL *s) ssl3_clear(s); s->version=DTLS1_VERSION; } + +/* + * As it's impossible to use stream ciphers in "datagram" mode, this + * simple filter is designed to disengage them in DTLS. Unfortunately + * there is no universal way to identify stream SSL_CIPHER, so we have + * to explicitly list their SSL_* codes. Currently RC4 is the only one + * available, but if new ones emerge, they will have to be added... + */ +SSL_CIPHER *dtls1_get_cipher(unsigned int u) + { + SSL_CIPHER *ciph = ssl3_get_cipher(u); + + if (ciph != NULL) + { + if (ciph->algorithm_enc == SSL_RC4) + return NULL; + } + + return ciph; + } |