From 48c16012e743a31c42d823a75bc3cb72b8fad85f Mon Sep 17 00:00:00 2001 From: Dmitry Belyavsky Date: Wed, 11 May 2016 21:00:12 +0100 Subject: [PATCH] Don't use GOST ciphersuites with DTLS. RT#4438 Reviewed-by: Matt Caswell Reviewed-by: Stephen Henson --- ssl/s3_lib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 9064abb7ce..5d5293e1fc 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2506,7 +2506,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT, SSL_GOST89MAC, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, @@ -2521,7 +2521,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST94, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, @@ -2536,7 +2536,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eGOST2814789CNT12, SSL_GOST89MAC12, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_HIGH, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, @@ -2551,7 +2551,7 @@ static SSL_CIPHER ssl3_ciphers[] = SSL_eNULL, SSL_GOST12_256, TLS1_VERSION, TLS1_2_VERSION, - DTLS1_VERSION, DTLS1_2_VERSION, + 0, 0, SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 0, -- 2.25.1