PR: 1921
authorDr. Stephen Henson <steve@openssl.org>
Wed, 13 May 2009 16:25:35 +0000 (16:25 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 13 May 2009 16:25:35 +0000 (16:25 +0000)
Submitted by: steve@openssl.org

Our DTLS implementation doesn't currently handle ECDHE so don't include
unsupported ciphers in client hello.

ssl/ssl_lib.c

index 7b911ae..df808e8 100644 (file)
@@ -1343,6 +1343,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                    s->psk_client_callback == NULL)
                        continue;
 #endif /* OPENSSL_NO_PSK */
+               /* DTLS doesn't currently support ECDHE */
+               if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
+                       continue;
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }