Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't

enable disabled ciphersuites.

diff --git a/CHANGES b/CHANGES
index e8d45736c6bf0f4a609f90d43307599395950c5a..8a1e4ed20019d7b1ab35f9d0913076de69af9246 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 
   *) Delta CRL support. New use deltas option which will attempt to locate
      and search any appropriate delta CRLs available.
@@ -703,6 +703,15 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
+ Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
  Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
 
   *) Fix a state transitition in s3_srvr.c and d1_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8cf1e1fd823d70fdf3e9ef6d60cf42ad7e246214..b124a8559c5e2217a28c2bf58e77855aa248253e 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -947,22 +947,28 @@ int ssl3_get_client_hello(SSL *s)
                                break;
                                }
                        }
-               if (j == 0)
+               if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
                        {
-                       if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
+                       /* Special case as client bug workaround: the previously used cipher may
+                        * not be in the current list, the client instead might be trying to
+                        * continue using a cipher that before wasn't chosen due to server
+                        * preferences.  We'll have to reject the connection if the cipher is not
+                        * enabled, though. */
+                       c = sk_SSL_CIPHER_value(ciphers, 0);
+                       if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
                                {
-                               /* Very bad for multi-threading.... */
-                               s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
-                               }
-                       else
-                               {
-                               /* we need to have the cipher in the cipher
-                                * list if we are asked to reuse it */
-                               al=SSL_AD_ILLEGAL_PARAMETER;
-                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
-                               goto f_err;
+                               s->session->cipher = c;
+                               j = 1;
                                }
                        }
+               if (j == 0)
+                       {
+                       /* we need to have the cipher in the cipher
+                        * list if we are asked to reuse it */
+                       al=SSL_AD_ILLEGAL_PARAMETER;
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+                       goto f_err;
+                       }
                }
 
        /* compression */