diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-01 18:33:21 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-01 18:33:21 +0000 |
| commit | 4842dde80c6846518df9d1b8fe9dba6db217ffdc (patch) | |
| tree | 581a5f775c7131a3d517a344c1eebcccb3c2c698 /ssl/ssl_ciph.c | |
| parent | f91926a2409e96ffe8eb6f6233aaeb6c6a213112 (diff) | |
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
Diffstat (limited to 'ssl/ssl_ciph.c')
| -rw-r--r-- | ssl/ssl_ciph.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 7f3e16080b..4d87d2dbc4 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1379,6 +1379,13 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, return 1; /* Check version */ + if (meth->version != TLS1_2_VERSION) + { + SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, + SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); + return 0; + } + switch(suiteb_flags) { case SSL_CERT_FLAG_SUITEB_128_LOS: |