From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 13 May 2009 16:25:35 +0000 (+0000)
Subject: PR: 1921
X-Git-Tag: OpenSSL_1_0_0-beta3~89
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b3620451b2d08b37f744eeea9e77b5e629440655;p=oweals%2Fopenssl.git

PR: 1921
Submitted by: steve@openssl.org

Our DTLS implementation doesn't currently handle ECDHE so don't include
unsupported ciphers in client hello.
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7b911ae1ea..df808e817b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1343,6 +1343,9 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		    s->psk_client_callback == NULL)
 			continue;
 #endif /* OPENSSL_NO_PSK */
+		/* DTLS doesn't currently support ECDHE */
+		if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH))
+			continue;
 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}