diff options
Diffstat (limited to 'ssl/s3_lib.c')
| -rw-r--r-- | ssl/s3_lib.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d1497b115b..8334b0e90f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -45,7 +45,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AES128GCM, SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + DTLS1_3_VERSION, DTLS1_3_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC, 128, @@ -60,7 +60,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AES256GCM, SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + DTLS1_3_VERSION, DTLS1_3_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | SSL_QUIC, 256, @@ -76,7 +76,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_CHACHA20POLY1305, SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + DTLS1_3_VERSION, DTLS1_3_VERSION, SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | SSL_QUIC, 256, @@ -92,7 +92,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AES128CCM, SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + DTLS1_3_VERSION, DTLS1_3_VERSION, SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256, 128, @@ -107,7 +107,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, - 0, 0, + DTLS1_3_VERSION, DTLS1_3_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_SHA256, 64, /* CCM8 uses a short tag, so we have a low security strength */ @@ -3674,7 +3674,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { unsigned int id; - if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) + if (SSL_CONNECTION_IS_VERSION13(sc) && sc->s3.did_kex) id = sc->s3.group_id; else id = sc->session->kex_group; @@ -4262,7 +4262,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl allow = srvr; } - if (SSL_CONNECTION_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_VERSION13(s)) { #ifndef OPENSSL_NO_PSK size_t j; @@ -4302,7 +4302,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl * Since TLS 1.3 ciphersuites can be used with any auth or * key exchange scheme skip tests. */ - if (!SSL_CONNECTION_IS_TLS13(s)) { + if (!SSL_CONNECTION_IS_VERSION13(s)) { mask_k = s->s3.tmp.mask_k; mask_a = s->s3.tmp.mask_a; #ifndef OPENSSL_NO_SRP @@ -4845,7 +4845,7 @@ int ssl_gensecret(SSL_CONNECTION *s, unsigned char *pms, size_t pmslen) int rv = 0; /* SSLfatal() called as appropriate in the below functions */ - if (SSL_CONNECTION_IS_TLS13(s)) { + if (SSL_CONNECTION_IS_VERSION13(s)) { /* * If we are resuming then we already generated the early secret * when we created the ClientHello, so don't recreate it. @@ -4888,7 +4888,7 @@ int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gense goto err; } - if (SSL_CONNECTION_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH")) + if (SSL_CONNECTION_IS_VERSION13(s) && EVP_PKEY_is_a(privkey, "DH")) EVP_PKEY_CTX_set_dh_pad(pctx, 1); pms = OPENSSL_malloc(pmslen); @@ -5040,7 +5040,7 @@ const char *SSL_get0_group_name(SSL *s) if (sc == NULL) return NULL; - if (SSL_CONNECTION_IS_TLS13(sc) && sc->s3.did_kex) + if (SSL_CONNECTION_IS_VERSION13(sc) && sc->s3.did_kex) id = sc->s3.group_id; else id = sc->session->kex_group; |