diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-11-13 14:37:24 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-11-14 00:06:32 +0000 |
commit | 2b573382f8e54aa03a1d8ffd48fa9d0a04609184 (patch) | |
tree | e509f3bb087dbdbf11ab5ef2e5d134e82e68387a /ssl/ssl_ciph.c | |
parent | 5e3d21fef150f020e2d33439401da8f7e311aa24 (diff) | |
download | openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.tar.gz |
Don't alow TLS v1.0 ciphersuites for SSLv3
This disables some ciphersuites which aren't supported in SSL v3:
specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC.
Thanks to the Open Crypto Audit Project for identifying this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 5d0ec23607..e386577e65 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1621,6 +1621,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) if (alg_ssl & SSL_SSLV3) ver = "SSLv3"; + else if (alg_ssl & SSL_TLSV1) + ver = "TLSv1.0"; else if (alg_ssl & SSL_TLSV1_2) ver = "TLSv1.2"; else |