[openssl] OpenSSL_1_1_1-stable update
beldmit at gmail.com
beldmit at gmail.com
Wed Dec 1 14:43:39 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via 76eb12aa278cb30a495bcee3fdc176d0a6c35052 (commit)
from 162bd56e99b2e73cfdc6777acb3f1b3dafccc9ba (commit)
- Log -----------------------------------------------------------------
commit 76eb12aa278cb30a495bcee3fdc176d0a6c35052
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Mon Nov 29 16:37:32 2021 +0100
No EtM for GOST ciphers
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17158)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/extensions_clnt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 621fcfa561..9d38ac23b5 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1741,7 +1741,9 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Ignore if inappropriate ciphersuite */
if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
&& s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
- && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
+ && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4
+ && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT
+ && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12)
s->ext.use_etm = 1;
return 1;
More information about the openssl-commits
mailing list