authorMatt Caswell <matt@openssl.org>2017-04-12 17:02:42 +0100
committerMatt Caswell <matt@openssl.org>2017-06-21 11:17:22 +0100
commitd717edf80ed3494a5a25c0b82ce61e5885de68ac (patch)
tree765c14e6ded7f86cbb6f27c1302117047cf36bac /ssl/ssl_locl.h
parentfd91e61f522b236d80347f0910f778314fb6ae18 (diff)
Don't fail the connection in SSLv3 if server selects ECDHE
ECDHE is not properly defined for SSLv3. Commit fe55c4a2 prevented ECDHE from being selected in that protocol. However, historically, servers do still select ECDHE anyway so that commit causes interoperability problems. Clients that previously worked when talking to an SSLv3 server could now fail. This commit introduces an exception which enables a client to continue in SSLv3 if the server selected ECDHE. (cherry picked from commit 8af91fd9d08487e0dffb6ccac5f42633c964f3f0) Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3734)
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r--ssl/ssl_locl.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index eb7e8c9d2b..de4a520c2a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2070,7 +2070,7 @@ __owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
-__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
__owur int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int maxlen);
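Review bot: The new fourth parameter of `ssl_cipher_disabled` is spelled `echde`, which looks like a transposition of `ecdhe`, and the prototype has no comment saying what a non-zero value does. Going by the commit message it presumably relaxes the SSLv3 ECDHE restriction, so it is a security-relevant switch: any caller passing non-zero outside the client's check of the server-selected cipher would widen what SSLv3 accepts. I would declare it as `int ecdhe` (keeping the definition in step) and put a comment above the prototype such as `/* ecdhe: non-zero tolerates an ECDHE cipher under SSLv3; intended only when checking the cipher the server selected */`. The definition and the call sites are outside this hunk, so it is worth confirming that every other caller passes 0.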