diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-05-13 16:25:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-05-13 16:25:35 +0000 |
commit | b3620451b2d08b37f744eeea9e77b5e629440655 (patch) | |
tree | 87d4d828783a7be16f3392f546efde5963692ca8 /ssl | |
parent | d2f17d9615affdd6b83855058a52e9deaafb9e12 (diff) |
PR: 1921
Submitted by: steve@openssl.org
Our DTLS implementation doesn't currently handle ECDHE so don't include
unsupported ciphers in client hello.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7b911ae1ea..df808e817b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1343,6 +1343,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, s->psk_client_callback == NULL) continue; #endif /* OPENSSL_NO_PSK */ + /* DTLS doesn't currently support ECDHE */ + if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH)) + continue; j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); p+=j; } |