提交 6dd54739 编写于 作者: D Dr. Stephen Henson

use client version when eliminating TLS v1.2 ciphersuites in client hello

上级 66bb328e
......@@ -1381,7 +1381,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
c=sk_SSL_CIPHER_value(sk,i);
/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
if ((c->algorithm_ssl & SSL_TLSV1_2) &&
(TLS1_get_version(s) < TLS1_2_VERSION))
(TLS1_get_client_version(s) < TLS1_2_VERSION))
continue;
#ifndef OPENSSL_NO_KRB5
if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
......
......@@ -174,6 +174,9 @@ extern "C" {
#define TLS1_get_version(s) \
((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
#define TLS1_get_client_version(s) \
((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
#define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册