diff options
author | Dmitry Belyavskiy <beldmit@gmail.com> | 2021-11-28 10:21:21 +0100 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2021-11-29 16:30:27 +0100 |
commit | 09e1818a54cad2d348138427234660fcabae793e (patch) | |
tree | a52834351cd045b5316b6d758f1feccd2159a9fb /ssl | |
parent | 91b749a2726351aa5fb37db7064a9104df074c9b (diff) |
No EtM for GOST ciphers in TLS 1.2
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)
(cherry picked from commit d724da69389196cdb9ef8db036656882fbc5a6ab)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b38c9ca684..4cd7affe23 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1678,7 +1678,11 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4) + && s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT + && s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 + && s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA + && s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) s->ext.use_etm = 1; return 1; |