rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity
90121b0c9d
openssl/openssl-1.1.1-seclevel-check.patch
Tomas Mraz 62ec0f1fa9 update to the latest 1.1.1 beta version
2018-08-22 12:41:26 +02:00

15 lines
648 B
Diff
Raw Blame History

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index df5cff79c9..e740a8c25d 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -947,7 +947,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;
/* Level 3: forward secure ciphersuites only */
- if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
+ if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
return 0;
break;
}
Reference in New Issue View Git Blame Copy Permalink