* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0,
- 0, 0, 0, 0},
+ {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
+ SSL_EXP_MASK, 0, 0, 0},
/*
* key exchange aliases (some of those using only a single bit here
if (cipher_id && cipher_id != cp->id)
continue;
#endif
+ if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
+ goto ok;
+ if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
+ goto ok;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
if (alg_auth && !(alg_auth & cp->algorithm_auth))
continue;
}
+ ok:
+
#ifdef CIPHER_DEBUG
fprintf(stderr, "Action = %d\n", rule);
#endif
if (cm == NULL || cm->type == NID_undef)
return 1;
- /*-
- * According to draft-ietf-tls-compression-04.txt, the
- * compression number ranges should be the following:
- *
- * 0 to 63: methods defined by the IETF
- * 64 to 192: external party methods assigned by IANA
- * 193 to 255: reserved for private use
- */
+ /*-
+ * According to draft-ietf-tls-compression-04.txt, the
+ * compression number ranges should be the following:
+ *
+ * 0 to 63: methods defined by the IETF
+ * 64 to 192: external party methods assigned by IANA
+ * 193 to 255: reserved for private use
+ */
if (id < 193 || id > 255) {
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);