Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #7391 (cherry picked from commit 75b68c9e4e8591a4ebe083cb207aeb121baf549f)
author: Tomas Mraz <tmraz@fedoraproject.org> 2018-10-12 17:24:14 +0200
committer: Kurt Roeckx <kurt@roeckx.be> 2018-11-10 21:30:27 +0100
commit: e37b7014f3f52124b787ca1b5b51b0111462a0ac (patch)
tree: 281f5785f083039238ab5f42a1b6a5839972f8fe /ssl/ssl_cert.c
parent: 98f62979b2e6233470619c9adfa44704a7036699 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 52a4a7eaad..7d7357fb3a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -951,8 +951,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
             if (level >= 2 && c->algorithm_enc == SSL_RC4)
                 return 0;
             /* Level 3: forward secure ciphersuites only */
-            if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
-                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
+            if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
                 return 0;
             break;
         }
author	Tomas Mraz <tmraz@fedoraproject.org>	2018-10-12 17:24:14 +0200
committer	Kurt Roeckx <kurt@roeckx.be>	2018-11-10 21:30:27 +0100
commit	e37b7014f3f52124b787ca1b5b51b0111462a0ac (patch)
tree	281f5785f083039238ab5f42a1b6a5839972f8fe /ssl/ssl_cert.c
parent	98f62979b2e6233470619c9adfa44704a7036699 (diff)