[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Dr. Stephen Henson
steve at openssl.org
Mon Nov 9 00:37:33 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via fdbe4a3fa669166efaec0d963e4216233368a7d9 (commit)
from 0c0f1361b29080380031b709f470e5bb3644e484 (commit)
- Log -----------------------------------------------------------------
commit fdbe4a3fa669166efaec0d963e4216233368a7d9
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sun Nov 8 13:47:53 2015 +0000
Reject TLS 1.2 ciphersuites if not allowed.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c5e0e36..3911c3d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1050,6 +1050,11 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
goto f_err;
}
+ /* Set version disabled mask now we know version */
+ if (!SSL_USE_TLS1_2_CIPHERS(s))
+ ct->mask_ssl = SSL_TLSV1_2;
+ else
+ ct->mask_ssl = 0;
/*
* If it is a disabled cipher we didn't send it in client hello, so
* return an error.
More information about the openssl-commits
mailing list