authorTomas Mraz <tmraz@redhat.com>2014-06-27 16:49:22 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-06-27 16:52:15 +0100
commit1fcfd61ee7f5748acd8b45af6c7bb7ba255df556 (patch)
treeb28219d1ee27c33168baebeea1602af628ed18f8 /ssl/s23_lib.c
parent121f386ec7a5384cfd4c0bb0f86e9ddd02c69a6e (diff)
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
PR#3374 (cherry picked from commit 0436369fccd128cb7f6a8538d5fed1c876c437af)
Diffstat (limited to 'ssl/s23_lib.c')
-rw-r--r--ssl/s23_lib.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index 0b82777b2a..9ec6d14ddc 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -112,6 +112,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
long l;
/* We can write SSLv2 and SSLv3 ciphers */
+ /* but no ECC ciphers */
+ if (c->algorithm_mkey == SSL_kECDHr ||
+ c->algorithm_mkey == SSL_kECDHe ||
+ c->algorithm_mkey == SSL_kEECDH ||
+ c->algorithm_auth == SSL_aECDH ||
+ c->algorithm_auth == SSL_aECDSA)
+ return 0;
if (p != NULL)
{
l=c->id;
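Review bot: The new ECC filter in ssl23_put_cipher_by_char compares `algorithm_mkey` and `algorithm_auth` with `==`, which only matches when the field holds exactly one flag. If these are bit-flag fields, as the SSL_k*/SSL_a* names suggest, a mask test is more robust: `if ((c->algorithm_mkey & (SSL_kECDHr|SSL_kECDHe|SSL_kEECDH)) || (c->algorithm_auth & (SSL_aECDH|SSL_aECDSA))) return 0;`. The added comment `/* but no ECC ciphers */` should also say why, for example `/* SSLv2-compatible hello cannot carry the TLS extensions ECC suites need, so never advertise them here */`, so that a later refactor does not drop the restriction. Returning 0 silently skips the cipher, so it is worth confirming, outside this hunk, that callers treat an all-ECC list that produces zero bytes as an error rather than sending an empty cipher list. The function body continues past the end of the hunk.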