Enable TLS 1.2 ciphers in DTLS 1.2.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b92d879f3d70543c3b1fa1961a4d25e214499d82..7ad8a541faacc114c879c1313bb96cf831928133 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3372,7 +3372,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 
 #ifndef OPENSSL_NO_HEARTBEATS
        case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
-               if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+               if (SSL_IS_DTLS(s))
                        ret = dtls1_heartbeat(s);
                else
                        ret = tls1_heartbeat(s);
@@ -3493,7 +3493,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
 
        case SSL_CTRL_GET_PEER_SIGNATURE_NID:
-               if (TLS1_get_version(s) >= TLS1_2_VERSION)
+               if (SSL_USE_SIGALGS(s))
                        {
                        if (s->session && s->session->sess_cert)
                                {
@@ -4080,9 +4080,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                {
                c=sk_SSL_CIPHER_value(prio,i);
 
-               /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+               /* Skip TLS v1.2 only ciphersuites if not supported */
                if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-                       (TLS1_get_version(s) < TLS1_2_VERSION))
+                       !SSL_USE_TLS1_2_CIPHERS(s))
                        continue;
 
                ssl_set_cert_masks(cert,c);