From 226751ae4a1f3e00021c43399d7bb51a99c22c17 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 8 Sep 2013 00:09:39 +0100 Subject: [PATCH] Set TLS v1.2 disabled mask properly. --- ssl/s3_clnt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 5ceb62488c..24c180c4d7 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1073,6 +1073,11 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } + /* Set version disabled mask now we know version */ + if (!SSL_USE_TLS1_2_CIPHERS(s)) + ct->mask_ssl = SSL_TLSV1_2; + else + ct->mask_ssl = 0; /* If it is a disabled cipher we didn't send it in client hello, * so return an error. */ -- 2.25.1