authorDr. Stephen Henson <steve@openssl.org>2013-03-13 15:33:24 +0000
committerDr. Stephen Henson <steve@openssl.org>2013-09-18 13:46:02 +0100
commit1b6ab411d32f5fb07e8c69d50f22c298ba95e0ba (patch)
treebd950b952c07beea1bb5e8d562b7c1e6748798ea /ssl/s3_lib.c
parentd88d98edd361eda5fc254e0b3dd24e682cb60983 (diff)
Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement. (cherry picked from commit cbd64894ec687c6f37d8e43c16dff78e63f6be87) Conflicts: ssl/ssl_locl.h
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r--ssl/s3_lib.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c026c7b697..59d2fbbfac 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4474,14 +4474,14 @@ need to go to SSL_ST_ACCEPT.
}
return(ret);
}
-/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
- * to new SHA256 PRF and handshake macs
+/* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
+ * and handshake macs if required.
*/
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
- alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
+ && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
}
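Review bot: The updated comment's "if required" does not say what decides the switch, yet after this change the PRF and handshake-MAC choice in `ssl_get_algorithm2` rests entirely on `s->method->ssl3_enc->enc_flags`. If a method table lacks `SSL_ENC_FLAG_SHA256_PRF`, the function returns `alg2` unchanged and the default MD5+SHA1 PRF stays in use with no error. The tables that set the flag are outside this diff (the diffstat is limited to ssl/s3_lib.c), so it is worth confirming that every TLS 1.2-capable method sets it. I would spell the dependency out in the comment, e.g. `/* Default SHA1+MD5 ciphers switch to the SHA256 PRF and handshake MAC only when the method's enc_flags has SSL_ENC_FLAG_SHA256_PRF set. */`. As a style point, the bitwise test parses correctly but reads more safely parenthesised: `if ((s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF)`.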