forked from rpms/openssl
15 lines
648 B
Diff
15 lines
648 B
Diff
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
|
|
index df5cff79c9..e740a8c25d 100644
|
|
--- a/ssl/ssl_cert.c
|
|
+++ b/ssl/ssl_cert.c
|
|
@@ -947,7 +947,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
|
if (level >= 2 && c->algorithm_enc == SSL_RC4)
|
|
return 0;
|
|
/* Level 3: forward secure ciphersuites only */
|
|
- if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
|
|
+ if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
|
|
+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
|
|
return 0;
|
|
break;
|
|
}
|