diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-10-07 15:07:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-10-07 15:07:19 +0000 |
commit | 6dd547398acfd022cd0f7354b9ab6a83bea3176a (patch) | |
tree | b6550897cc46b7a5b4cc8712dc2719e4cd5b0f2d /ssl | |
parent | 66bb328e1182bffe3b26c677802ec620a4eddfc9 (diff) |
use client version when eliminating TLS v1.2 ciphersuites in client hello
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
-rw-r--r-- | ssl/tls1.h | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4c4665b088..c983474f58 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1381,7 +1381,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, c=sk_SSL_CIPHER_value(sk,i); /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ if ((c->algorithm_ssl & SSL_TLSV1_2) && - (TLS1_get_version(s) < TLS1_2_VERSION)) + (TLS1_get_client_version(s) < TLS1_2_VERSION)) continue; #ifndef OPENSSL_NO_KRB5 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && diff --git a/ssl/tls1.h b/ssl/tls1.h index 8fe7d7cef2..14b5d9bfdf 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -174,6 +174,9 @@ extern "C" { #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) +#define TLS1_get_client_version(s) \ + ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) + #define TLS1_AD_DECRYPTION_FAILED 21 #define TLS1_AD_RECORD_OVERFLOW 22 #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ |