Set TLS v1.2 disabled mask properly.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)
ssl/s3_clnt.c

index 5ceb62488cf890ee462340c8469d709772e57313..24c180c4d7294a961463fe5a49a3fbdf6d9b9b28 100644 (file)
@@ -1073,6 +1073,11 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
                goto f_err;
                }
+       /* Set version disabled mask now we know version */
+       if (!SSL_USE_TLS1_2_CIPHERS(s))
+               ct->mask_ssl = SSL_TLSV1_2;
+       else
+               ct->mask_ssl = 0;
        /* If it is a disabled cipher we didn't send it in client hello,
         * so return an error.
         */