DTLS 1.2 cached record support.

[oweals/openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 159d010c24f6c5729df6b1dcba62a43d45a7a0d7..7c649109ec75ae13e5b4aab6edaa1d1216f5f648 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -972,7 +972,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 #ifdef CIPHER_DEBUG
                        printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
 #endif
-
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+                       if (cipher_id && cipher_id != cp->id)
+                               continue;
+#endif
                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                                continue;
                        if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -1347,7 +1350,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
        return(retval);
        }
-
+#ifndef OPENSSL_NO_EC
 static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                        const char **prule_str)
        {
@@ -1402,6 +1405,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
        c->ecdh_tmp_auto = 1;
        return 1;
        }
+#endif
 
 
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1421,10 +1425,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
                return NULL;
-
+#ifndef OPENSSL_NO_EC
        if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
                return NULL;
-
+#endif
 
        /*
         * To reduce the work to do we only want to process the compiled