forked from rpms/openssl
0376d8368c
- do not include ECC ciphersuites in SSLv2 client hello (#1090952) - fail on hmac integrity check if the .hmac file is empty
18 lines
606 B
Diff
18 lines
606 B
Diff
diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c
|
|
--- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.000000000 +0100
|
|
+++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200
|
|
@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C
|
|
long l;
|
|
|
|
/* We can write SSLv2 and SSLv3 ciphers */
|
|
+ /* but no ECC ciphers */
|
|
+ if (c->algorithm_mkey == SSL_kECDHr ||
|
|
+ c->algorithm_mkey == SSL_kECDHe ||
|
|
+ c->algorithm_mkey == SSL_kEECDH ||
|
|
+ c->algorithm_auth == SSL_aECDH ||
|
|
+ c->algorithm_auth == SSL_aECDSA)
|
|
+ return 0;
|
|
if (p != NULL)
|
|
{
|
|
l=c->id;
|