Don't use GOST ciphersuites with DTLS.

author Dmitry Belyavsky <beldmit@gmail.com>

Wed, 11 May 2016 20:00:12 +0000 (21:00 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 12 May 2016 11:02:38 +0000 (12:02 +0100)
author Dmitry Belyavsky <beldmit@gmail.com>
Wed, 11 May 2016 20:00:12 +0000 (21:00 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 12 May 2016 11:02:38 +0000 (12:02 +0100)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 9064abb7ce3e382ce8d5987f35a4a98add78ee14..5d5293e1fce10df30ef568c3361f46ad075c197a 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] =
       SSL_eGOST2814789CNT,
       SSL_GOST89MAC,
       TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
       SSL_HIGH,
       SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
       256,
@@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] =
       SSL_eNULL,
       SSL_GOST94,
       TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
       SSL_STRONG_NONE,
       SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
       0,
@@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] =
       SSL_eGOST2814789CNT12,
       SSL_GOST89MAC12,
       TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
       SSL_HIGH,
       SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
       256,
@@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] =
       SSL_eNULL,
       SSL_GOST12_256,
       TLS1_VERSION, TLS1_2_VERSION,
-     DTLS1_VERSION, DTLS1_2_VERSION,
+     0, 0,
       SSL_STRONG_NONE,
       SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
       0,
author	Dmitry Belyavsky <beldmit@gmail.com>
	Wed, 11 May 2016 20:00:12 +0000 (21:00 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 12 May 2016 11:02:38 +0000 (12:02 +0100)