Set s->d1 to NULL after freeing it.

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 084e8bbb1b204c5d9080b3c1e7b70fa5955fccfb..4d87d2dbc4bf7f4b0b8a8f13c39e9cf41fe79e9b 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1379,6 +1379,13 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                return 1;
        /* Check version */
 
+       if (meth->version != TLS1_2_VERSION)
+               {
+               SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+                               SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+               return 0;
+               }
+
        switch(suiteb_flags)
                {
        case SSL_CERT_FLAG_SUITEB_128_LOS:
@@ -1394,6 +1401,8 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
                break;
                }
+       /* Set auto ECDH parameter determination */
+       c->ecdh_tmp_auto = 1;
        return 1;
        }