Don't advertise ECC ciphersuits in SSLv2 compatible client hello.

PR#3374

Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
PR#3374
0436369f · Tomas Mraz · Dr. Stephen Henson · 0535c2d6 · 0436369f
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

ssl/s23_lib.c ssl/s23_lib.c +7 -0

未找到文件。
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	long l;

 	/* We can write SSLv2 and SSLv3 ciphers */
+	/* but no ECC ciphers */
+	if (c->algorithm_mkey == SSL_kECDHr ||
+		c->algorithm_mkey == SSL_kECDHe ||
+		c->algorithm_mkey == SSL_kEECDH ||
+		c->algorithm_auth == SSL_aECDH ||
+		c->algorithm_auth == SSL_aECDSA)
+		return 0;
 	if (p != NULL)
 		{
 		l=c->id;