When processing ClientHello.cipher_suites, don't ignore cipher suites

listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c336a85aa31df0dfb8195cbf38be2aeb96e2235f..d88e27db033e7f7966de63ba4132f377bf2d7cda 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1618,6 +1618,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                                        ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
                                goto err;
                                }
+                       p += n;
                        continue;
                        }