If an SSLv2 method is explicitly asked for use the SSLv2 cipher string:

assume an application *really* wants SSLv2 if they do that. Otherwise stick with the default which excludes all SSLv2 cipher suites.
author: Dr. Stephen Henson <steve@openssl.org> 2009-04-29 14:12:54 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-04-29 14:12:54 +0000
commit: 4e50f0263807f1b44ecbe0fc0a84b090b114be7b (patch)
tree: fdc8eecba84f4167c8a5d817445c61acbd7a5140 /ssl/ssl_lib.c
parent: 174ea156470d728ae0820c8d9cd5fbb678300228 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2ad60fe649..7b911ae1ea 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -259,7 +259,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
 	ctx->method=meth;
 
 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
-		&(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
+		&(ctx->cipher_list_by_id),
+		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
 		{
 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -1528,7 +1529,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 
 	ssl_create_cipher_list(ret->method,
 		&ret->cipher_list,&ret->cipher_list_by_id,
-		SSL_DEFAULT_CIPHER_LIST);
+		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
 	if (ret->cipher_list == NULL
 	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
 		{
author	Dr. Stephen Henson <steve@openssl.org>	2009-04-29 14:12:54 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-04-29 14:12:54 +0000
commit	4e50f0263807f1b44ecbe0fc0a84b090b114be7b (patch)
tree	fdc8eecba84f4167c8a5d817445c61acbd7a5140 /ssl/ssl_lib.c
parent	174ea156470d728ae0820c8d9cd5fbb678300228 (diff)