diff options
author | Tomas Mraz <tmraz@redhat.com> | 2014-06-27 16:49:22 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-27 16:52:15 +0100 |
commit | 1fcfd61ee7f5748acd8b45af6c7bb7ba255df556 (patch) | |
tree | b28219d1ee27c33168baebeea1602af628ed18f8 /ssl | |
parent | 121f386ec7a5384cfd4c0bb0f86e9ddd02c69a6e (diff) |
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
PR#3374
(cherry picked from commit 0436369fccd128cb7f6a8538d5fed1c876c437af)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s23_lib.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 0b82777b2a..9ec6d14ddc 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -112,6 +112,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) long l; /* We can write SSLv2 and SSLv3 ciphers */ + /* but no ECC ciphers */ + if (c->algorithm_mkey == SSL_kECDHr || + c->algorithm_mkey == SSL_kECDHe || + c->algorithm_mkey == SSL_kEECDH || + c->algorithm_auth == SSL_aECDH || + c->algorithm_auth == SSL_aECDSA) + return 0; if (p != NULL) { l=c->id; |