Don't use GOST ciphersuites with DTLS.
authorDmitry Belyavsky <beldmit@gmail.com>
Wed, 11 May 2016 20:00:12 +0000 (21:00 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 12 May 2016 11:02:38 +0000 (12:02 +0100)
RT#4438

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
ssl/s3_lib.c

index 9064abb..5d5293e 100644 (file)
@@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eGOST2814789CNT,
      SSL_GOST89MAC,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_HIGH,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
      256,
@@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eNULL,
      SSL_GOST94,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
      0,
@@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eGOST2814789CNT12,
      SSL_GOST89MAC12,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_HIGH,
      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
      256,
@@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] =
      SSL_eNULL,
      SSL_GOST12_256,
      TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
      SSL_STRONG_NONE,
      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
      0,