Don't advertise ECC ciphersuits in SSLv2 compatible client hello.

author Tomas Mraz <tmraz@redhat.com>

Fri, 27 Jun 2014 15:49:22 +0000 (16:49 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 27 Jun 2014 15:52:15 +0000 (16:52 +0100)
author Tomas Mraz <tmraz@redhat.com>
Fri, 27 Jun 2014 15:49:22 +0000 (16:49 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 15:52:15 +0000 (16:52 +0100)
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c

index 0b82777b2ae675657e114d771b95e473c15585a1..9ec6d14ddcaf20c28aab7f3080d3782f8b6f6358 100644 (file)
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -112,6 +112,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
         long l;
  
         /* We can write SSLv2 and SSLv3 ciphers */
+       /* but no ECC ciphers */
+       if (c->algorithm_mkey == SSL_kECDHr ||
+               c->algorithm_mkey == SSL_kECDHe ||
+               c->algorithm_mkey == SSL_kEECDH ||
+               c->algorithm_auth == SSL_aECDH ||
+               c->algorithm_auth == SSL_aECDSA)
+               return 0;
         if (p != NULL)
                 {
                 l=c->id;
author	Tomas Mraz <tmraz@redhat.com>
	Fri, 27 Jun 2014 15:49:22 +0000 (16:49 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 27 Jun 2014 15:52:15 +0000 (16:52 +0100)