From 4dcb4b91db26de8716c2f43ffb710175fc3279fc Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 15 Mar 2015 00:26:26 +0100 Subject: [PATCH] return unexpected message when receiving kx with kDHr or kDHd It was saying that it was an illegal parameter / unsupported cipher Reviewed-by: Matt Caswell --- ssl/s3_clnt.c | 5 ----- ssl/ssl.h | 1 - ssl/ssl_err.c | 2 -- 3 files changed, 8 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 81381efa78..f4b60bed49 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1722,11 +1722,6 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_dh_tmp = dh; dh = NULL; - } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, - SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; } #endif /* !OPENSSL_NO_DH */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 3a6f9fbe17..dec3abc859 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2387,7 +2387,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 -# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 75ca68438a..5792906744 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -665,8 +665,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "tls peer did not respond with certificate list"}, {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, - {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), - "tried to use unsupported cipher"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, -- 2.25.1