From: Dr. Stephen Henson
Date: Sat, 16 May 2009 11:16:15 +0000 (+0000)
Subject: Disable ECDHE in DTLS in a cleaner way.
X-Git-Tag: OpenSSL_1_0_0-beta3~80
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=661d35dfb20e4f696fb03e373020367f9306f36c;p=oweals%2Fopenssl.git

Disable ECDHE in DTLS in a cleaner way.
---
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6450c1de85..58ea86304f 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -203,6 +203,9 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
 {
 if (ciph->algorithm_enc == SSL_RC4)
 return NULL;
+ /* We currently don't support ECDH either */
+ if (ciph->algorithm_mkey & SSL_kEECDH)
+ return NULL;
 }
 return ciph;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index df808e817b..7b911ae1ea 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1343,9 +1343,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 s->psk_client_callback == NULL)
 continue;
 #endif /* OPENSSL_NO_PSK */
- /* DTLS doesn't currently support ECDHE */
- if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
- continue;
 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 p+=j;
 }
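Review bot: The comment added in dtls1_get_cipher says ECDH, but the test on `ciph->algorithm_mkey` masks only `SSL_kEECDH`, so fixed-ECDH key exchanges (`SSL_kECDHr`, `SSL_kECDHe`) would still be returned for DTLS. If only the ephemeral variant is meant, the comment should read `/* DTLS doesn't currently support ECDHE */`, matching the one removed from ssl_cipher_list_to_bytes; if static ECDH is also unsupported over DTLS, widen the mask to `(SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)`. Because the exclusion now rests on this lookup alone, it is worth confirming that every path that builds or matches a DTLS cipher list goes through dtls1_get_cipher, which cannot be seen from this hunk. The function's body begins outside the hunk.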