ssl3_clear(s);
s->version=DTLS1_VERSION;
}
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+ {
+ SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+ if (ciph != NULL)
+ {
+ if (ciph->algorithm_enc == SSL_RC4)
+ return NULL;
+ }
+
+ return ciph;
+ }
ssl3_put_cipher_by_char, \
ssl3_pending, \
ssl3_num_ciphers, \
- ssl3_get_cipher, \
+ dtls1_get_cipher, \
s_get_meth, \
dtls1_default_timeout, \
&DTLSv1_enc_data, \
void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
void dtls1_reset_seq_numbers(SSL *s, int rw);
long dtls1_default_timeout(void);
+SSL_CIPHER *dtls1_get_cipher(unsigned int u);
/* some client-only functions */