Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #7391
author: Tomas Mraz <tmraz@fedoraproject.org> 2018-10-12 17:24:14 +0200
committer: Kurt Roeckx <kurt@roeckx.be> 2018-11-10 21:29:36 +0100
commit: 75b68c9e4e8591a4ebe083cb207aeb121baf549f (patch)
tree: 8f78d60144e381d969167a4c5dbd1f52422c42e3 /ssl/ssl_cert.c
parent: 65042182fcafbd4c0dd8fdabaefdf1fd38dc6287 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 52a4a7eaad..7d7357fb3a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -951,8 +951,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
             if (level >= 2 && c->algorithm_enc == SSL_RC4)
                 return 0;
             /* Level 3: forward secure ciphersuites only */
-            if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
-                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
+            if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
                 return 0;
             break;
         }
author	Tomas Mraz <tmraz@fedoraproject.org>	2018-10-12 17:24:14 +0200
committer	Kurt Roeckx <kurt@roeckx.be>	2018-11-10 21:29:36 +0100
commit	75b68c9e4e8591a4ebe083cb207aeb121baf549f (patch)
tree	8f78d60144e381d969167a4c5dbd1f52422c42e3 /ssl/ssl_cert.c
parent	65042182fcafbd4c0dd8fdabaefdf1fd38dc6287 (diff)