X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_clnt.c;h=c821724be8bbc07c4ca701764d3f1d6758b27dd3;hp=af8db0064068edd87866d23150797bd89a55d8ef;hb=d09677ac4525d107669447c07f4fa2fe58a13fc8;hpb=2667162d33ab21b6477f224040106c1d460e9249

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index af8db00640..c821724be8 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -894,6 +894,14 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
 		goto f_err;
 		}
+	/* TLS v1.2 only ciphersuites require v1.2 or later */
+	if ((c->algorithm_ssl & SSL_TLSV1_2) && 
+		(TLS1_get_version(s) < TLS1_2_VERSION))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+		goto f_err;
+		}
 	p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
 	sk=ssl_get_ciphers_by_id(s);