Skip to content

Commit

Permalink
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
Browse files Browse the repository at this point in the history 
PR#3374
(cherry picked from commit 0436369)
  • Loading branch information
@snhenson
Tomas Mraz authored and snhenson committed Jun 27, 2014
1 parent 86cac6d commit cf01566
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions ssl/s23_lib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
long l;

/* We can write SSLv2 and SSLv3 ciphers */
/* but no ECC ciphers */
if (c->algorithm_mkey == SSL_kECDHr ||
c->algorithm_mkey == SSL_kECDHe ||
c->algorithm_mkey == SSL_kEECDH ||
c->algorithm_auth == SSL_aECDH ||
c->algorithm_auth == SSL_aECDSA)
return 0;
if (p != NULL)
{
l=c->id;
Expand Down

0 comments on commit cf01566

Please sign in to comment.