From 661d35dfb20e4f696fb03e373020367f9306f36c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 16 May 2009 11:16:15 +0000 Subject: [PATCH] Disable ECDHE in DTLS in a cleaner way. --- ssl/d1_lib.c | 3 +++ ssl/ssl_lib.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 6450c1de85..58ea86304f 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -203,6 +203,9 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u) { if (ciph->algorithm_enc == SSL_RC4) return NULL; + /* We currently don't support ECDH either */ + if (ciph->algorithm_mkey & SSL_kEECDH) + return NULL; } return ciph; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index df808e817b..7b911ae1ea 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1343,9 +1343,6 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, s->psk_client_callback == NULL) continue; #endif /* OPENSSL_NO_PSK */ - /* DTLS doesn't currently support ECDHE */ - if ((s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) && (c->algorithm_mkey & SSL_kEECDH)) - continue; j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); p+=j; } -- 2.25.1