diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-03-27 19:54:48 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-09-18 13:46:02 +0100 |
commit | b60b9e7afe649a564db13dbf10ca571e973844c1 (patch) | |
tree | cb50a28c6410f8cdcc9e172d213c49e4abc410e2 /ssl/s3_lib.c | |
parent | 919834dc847d0652c58da641f867fe21ad2774ac (diff) |
Enable TLS 1.2 ciphers in DTLS 1.2.
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
(cherry picked from commit 4221c0dd3004117c63b182af5e8ab345b7265902)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 59d2fbbfac..e418c6428d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3383,7 +3383,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_HEARTBEATS case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: - if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) + if (SSL_IS_DTLS(s)) ret = dtls1_heartbeat(s); else ret = tls1_heartbeat(s); @@ -3505,7 +3505,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_cert_store(s->cert, parg, 1, larg); case SSL_CTRL_GET_PEER_SIGNATURE_NID: - if (TLS1_get_version(s) >= TLS1_2_VERSION) + if (SSL_USE_SIGALGS(s)) { if (s->session && s->session->sess_cert) { @@ -4085,9 +4085,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, { c=sk_SSL_CIPHER_value(prio,i); - /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ + /* Skip TLS v1.2 only ciphersuites if not supported */ if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) + !SSL_USE_TLS1_2_CIPHERS(s)) continue; ssl_set_cert_masks(cert,c); |