diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-04-26 18:49:45 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-04-26 18:49:45 +0000 |
| commit | c76b7a1a82ba2cc04d3415804c20ccbb931598f0 (patch) | |
| tree | b470daaaeecad2473e48a3101fb8163004fe3670 /ssl | |
| parent | c940e07014fc135c95e0e81a126a0ece9adf45c5 (diff) | |
Don't try to use unvalidated composite ciphers in FIPS mode
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_ciph.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b96d26faba..92d1e94d6a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -620,6 +620,11 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, s->ssl_version < TLS1_VERSION) return 1; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return 1; +#endif + if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) |