diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2015-03-15 00:26:26 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2015-03-23 21:08:20 +0100 |
commit | 4dcb4b91db26de8716c2f43ffb710175fc3279fc (patch) | |
tree | ec9cfa5487f39816819f02229a3dd9cbc800644b /ssl | |
parent | 93f1c13619c5b41f2dcfdbf6ae666f867922a87a (diff) |
return unexpected message when receiving kx with kDHr or kDHd
It was saying that it was an illegal parameter / unsupported cipher
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 5 | ||||
-rw-r--r-- | ssl/ssl.h | 1 | ||||
-rw-r--r-- | ssl/ssl_err.c | 2 |
3 files changed, 0 insertions, 8 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 81381efa78..f4b60bed49 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_dh_tmp = dh; dh = NULL; - } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; } #endif /* !OPENSSL_NO_DH */ @@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 -# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 75ca68438a..5792906744 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "tls peer did not respond with certificate list"}, {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, - {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), - "tried to use unsupported cipher"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, |