author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 17:34:50 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-26 17:34:50 +0000 |
commit | 4347394a277b0ca0737ff399f65c27899fb3b032 (patch) | |
tree | 07d8e6ab3afa945fa03e97b8f6418c74bb3b2d60 /ssl/ssl_ciph.c | |
parent | 53bb723834f523d09cbb05adad4bc5ce3c672d59 (diff) |
add Suite B 128 bit mode offering only combination 2
(backport from HEAD)
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12c0bf2c3d..8018d11e65 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1351,11 +1351,16 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 const char **prule_str)
 {
- unsigned int suiteb_flags = 0;
+ unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
 if (!strcmp(*prule_str, "SUITEB128"))
 suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
 else if (!strcmp(*prule_str, "SUITEB128ONLY"))
 suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+ else if (!strcmp(*prule_str, "SUITEB128C2"))
+ {
+ suiteb_comb2 = 1;
+ suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+ }
 else if (!strcmp(*prule_str, "SUITEB192"))
 suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
@@ -1374,7 +1379,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 switch(suiteb_flags)
 {
 case SSL_CERT_FLAG_SUITEB_128_LOS:
- *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
+ if (suiteb_comb2)
+ *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+ else
+ *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
 break;
 case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
 *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256"; |
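Review bot: The new `SUITEB128C2` branch stores the same `SSL_CERT_FLAG_SUITEB_128_LOS` value as plain `SUITEB128`; the only thing that tells the two modes apart is the local `suiteb_comb2`, which is read once in the `switch` of the second hunk and does not outlive the function. Whatever is done with `suiteb_flags` outside the visible lines (the body continues past both hunks) therefore cannot distinguish combination-2-only from the default 128-bit mode, so any certificate or curve check keyed on that flag presumably stays at the 128-bit level even though only the AES-256 suite is offered. If that is the intent, it deserves a comment at the branch, e.g. `/* combination 2 only: restricts the cipher list; flag stays SUITEB_128_LOS */`, since a user picking this keyword may expect 192-bit-style enforcement.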