* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, SSL_kDHE | SSL_kECDHE, SSL_aNULL, ~SSL_eNULL, 0, 0,
- 0, 0, 0, 0},
+ {0, SSL_TXT_CMPDEF, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
/*
* key exchange aliases (some of those using only a single bit here
if ((algo_strength & SSL_STRONG_MASK)
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
+ if ((algo_strength & SSL_DEFAULT_MASK)
+ && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
+ continue;
}
#ifdef CIPHER_DEBUG
ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
+ if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
+ if (algo_strength & SSL_DEFAULT_MASK) {
+ algo_strength &=
+ (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) |
+ ~SSL_DEFAULT_MASK;
+ if (!(algo_strength & SSL_DEFAULT_MASK)) {
+ found = 0;
+ break;
+ }
+ } else
+ algo_strength |=
+ ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+ }
+
if (ca_list[j]->valid) {
/*
* explicit ciphersuite found; its protocol version does not