Set TLS v1.2 disabled mask properly.

author Dr. Stephen Henson <steve@openssl.org>

Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 5ceb62488cf890ee462340c8469d709772e57313..24c180c4d7294a961463fe5a49a3fbdf6d9b9b28 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1073,6 +1073,11 @@ int ssl3_get_server_hello(SSL *s)
                 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
                 goto f_err;
                 }
+       /* Set version disabled mask now we know version */
+       if (!SSL_USE_TLS1_2_CIPHERS(s))
+               ct->mask_ssl = SSL_TLSV1_2;
+       else
+               ct->mask_ssl = 0;
         /* If it is a disabled cipher we didn't send it in client hello,
          * so return an error.
          */
author	Dr. Stephen Henson <steve@openssl.org>
	Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sat, 7 Sep 2013 23:09:39 +0000 (00:09 +0100)