From 4e50f0263807f1b44ecbe0fc0a84b090b114be7b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 29 Apr 2009 14:12:54 +0000 Subject: [PATCH] If an SSLv2 method is explicitly asked for use the SSLv2 cipher string: assume an application *really* wants SSLv2 if they do that. Otherwise stick with the default which excludes all SSLv2 cipher suites. --- ssl/ssl_lib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2ad60fe649..7b911ae1ea 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -259,7 +259,8 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) ctx->method=meth; sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), - &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); + &(ctx->cipher_list_by_id), + meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); @@ -1528,7 +1529,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ssl_create_cipher_list(ret->method, &ret->cipher_list,&ret->cipher_list_by_id, - SSL_DEFAULT_CIPHER_LIST); + meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { -- 2.25.1