diff options
| author | Andy Polyakov <appro@openssl.org> | 2007-10-05 21:05:27 +0000 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2007-10-05 21:05:27 +0000 |
| commit | d5e858c55f4a4f9ec2b27896e839dffd2edc1578 (patch) | |
| tree | 6f51e3fb982c03fcb7fcf3bfc28a65de66e30e2d /ssl/d1_lib.c | |
| parent | fb8fcce2ac9e1a8a31f90349c14475548503a81c (diff) | |
Prohibit RC4 in DTLS [from HEAD].
Diffstat (limited to 'ssl/d1_lib.c')
| -rw-r--r-- | ssl/d1_lib.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d07a212fac..fc088b4148 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -188,3 +188,23 @@ void dtls1_clear(SSL *s) ssl3_clear(s); s->version=DTLS1_VERSION; } + +/* + * As it's impossible to use stream ciphers in "datagram" mode, this + * simple filter is designed to disengage them in DTLS. Unfortunately + * there is no universal way to identify stream SSL_CIPHER, so we have + * to explicitly list their SSL_* codes. Currently RC4 is the only one + * available, but if new ones emerge, they will have to be added... + */ +SSL_CIPHER *dtls1_get_cipher(unsigned int u) + { + SSL_CIPHER *ciph = ssl3_get_cipher(u); + + if (ciph != NULL) + { + if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) + return NULL; + } + + return ciph; + } |