diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2018-10-12 17:24:14 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-11-10 21:30:27 +0100 |
commit | e37b7014f3f52124b787ca1b5b51b0111462a0ac (patch) | |
tree | 281f5785f083039238ab5f42a1b6a5839972f8fe /ssl/ssl_cert.c | |
parent | 98f62979b2e6233470619c9adfa44704a7036699 (diff) |
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #7391
(cherry picked from commit 75b68c9e4e8591a4ebe083cb207aeb121baf549f)
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 52a4a7eaad..7d7357fb3a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -951,8 +951,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, if (level >= 2 && c->algorithm_enc == SSL_RC4) return 0; /* Level 3: forward secure ciphersuites only */ - if (level >= 3 && (c->min_tls != TLS1_3_VERSION || - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))) + if (level >= 3 && c->min_tls != TLS1_3_VERSION && + !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) return 0; break; } |