use client version when eliminating TLS v1.2 ciphersuites in client hello

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0b5f234e5c5a7a266cca2d3534394bc51e151073..c983474f58e1a006825e44a3c9e281b976d27a80 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1075,7 +1075,7 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
                s->max_cert_list=larg;
                return(l);
        case SSL_CTRL_SET_MTU:
-               if (larg < dtls1_min_mtu())
+               if (larg < (long)dtls1_min_mtu())
                        return 0;
 
                if (SSL_version(s) == DTLS1_VERSION ||
@@ -1381,7 +1381,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                c=sk_SSL_CIPHER_value(sk,i);
                /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
                if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-                       (TLS1_get_version(s) < TLS1_2_VERSION))
+                       (TLS1_get_client_version(s) < TLS1_2_VERSION))
                        continue;
 #ifndef OPENSSL_NO_KRB5
                if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&