Make auto DH work with DHEPSK
authorDr. Stephen Henson <steve@openssl.org>
Sun, 28 Jun 2015 16:01:52 +0000 (17:01 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 30 Jul 2015 13:43:35 +0000 (14:43 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/t1_lib.c

index a91e152..47abf2b 100644 (file)
@@ -4165,7 +4165,7 @@ DH *ssl_get_auto_dh(SSL *s)
     int dh_secbits = 80;
     if (s->cert->dh_tmp_auto == 2)
         return DH_get_1024_160();
-    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
         if (s->s3->tmp.new_cipher->strength_bits == 256)
             dh_secbits = 128;
         else