Enable TLS 1.2 ciphers in DTLS 1.2.

Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too.
author: Dr. Stephen Henson <steve@openssl.org> 2013-03-27 19:54:48 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-03-28 14:14:27 +0000
commit: 4221c0dd3004117c63b182af5e8ab345b7265902 (patch)
tree: acd595e322ae6155ca4fe4d68139f2bd07614854 /ssl/t1_lib.c
parent: fbbaaccaca32742f09dfb02e5e28dcd20f64a17f (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b0e91ad3e5..8cb018d65e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -178,7 +178,8 @@ SSL3_ENC_METHOD TLSv1_2_enc_data={
 	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
 	tls1_alert_code,
 	tls1_export_keying_material,
-	SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF,
+	SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF
+		|SSL_ENC_FLAG_TLS1_2_CIPHERS,
 	SSL3_HM_HEADER_LENGTH,
 	ssl3_set_handshake_header,
 	ssl3_handshake_write
@@ -1008,8 +1009,8 @@ void ssl_set_client_disabled(SSL *s)
 	int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
 	c->mask_a = 0;
 	c->mask_k = 0;
-	/* If less than TLS 1.2 don't allow TLS 1.2 only ciphers */
-	if (TLS1_get_client_version(s) < TLS1_2_VERSION)
+	/* Don't allow TLS 1.2 only ciphers if we don't suppport them */
+	if (!SSL_USE_TLS1_2_CIPHERS(s))
 		c->mask_ssl = SSL_TLSV1_2;
 	else
 		c->mask_ssl = 0;
author	Dr. Stephen Henson <steve@openssl.org>	2013-03-27 19:54:48 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-03-28 14:14:27 +0000
commit	4221c0dd3004117c63b182af5e8ab345b7265902 (patch)
tree	acd595e322ae6155ca4fe4d68139f2bd07614854 /ssl/t1_lib.c
parent	fbbaaccaca32742f09dfb02e5e28dcd20f64a17f (diff)