author | Kurt Roeckx <kurt@roeckx.be> | 2016-03-08 20:26:38 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-03-09 19:10:28 +0100 |
commit | ca3895f0b52628df29bcf87e139971904f4b9b28 (patch) | |
tree | a8c7b5762dced9633219355017ae7d12ffb76c85 /ssl/ssl_ciph.c | |
parent | Remove DES cipher alias (diff) | |
Move disabling of RC4 for DTLS to the cipher list.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r-- | ssl/ssl_ciph.c | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 1481bd20f7..c8c7f0281c 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -787,21 +787,30 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 for (i = 0; i < num_of_ciphers; i++) {
 c = ssl_method->get_cipher(i);
 /* drop those that use any of that is not available */
- if ((c != NULL) && c->valid &&
- (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
- !(c->algorithm_mkey & disabled_mkey) &&
- !(c->algorithm_auth & disabled_auth) &&
- !(c->algorithm_enc & disabled_enc) &&
- !(c->algorithm_mac & disabled_mac)) {
- co_list[co_list_num].cipher = c;
- co_list[co_list_num].next = NULL;
- co_list[co_list_num].prev = NULL;
- co_list[co_list_num].active = 0;
- co_list_num++;
- /*
- * if (!sk_push(ca_list,(char *)c)) goto err;
- */
- }
+ if (c == NULL || !c->valid)
+ continue;
+ if (FIPS_mode() && (c->algo_strength & SSL_FIPS))
+ continue;
+ if ((c->algorithm_mkey & disabled_mkey) ||
+ (c->algorithm_auth & disabled_auth) ||
+ (c->algorithm_enc & disabled_enc) ||
+ (c->algorithm_mac & disabled_mac))
+ continue;
+ if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
+ c->min_tls == 0)
+ continue;
+ if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
+ c->min_dtls == 0)
+ continue;
+
+ co_list[co_list_num].cipher = c;
+ co_list[co_list_num].next = NULL;
+ co_list[co_list_num].prev = NULL;
+ co_list[co_list_num].active = 0;
+ co_list_num++;
+ /*
+ * if (!sk_push(ca_list,(char *)c)) goto err;
+ */
 }
 
 /* |
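Review bot: The new FIPS guard, `if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) continue;`, is inverted relative to the condition it replaces. The removed code kept a cipher when `!FIPS_mode() || (c->algo_strength & SSL_FIPS)`, so its negation must skip ciphers that lack the flag. As written, FIPS mode would drop every cipher marked `SSL_FIPS` and collect only the unmarked ones. The guard should read `if (FIPS_mode() && !(c->algo_strength & SSL_FIPS)) continue;`. Separately, the two DTLS checks evaluate `ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS` twice per iteration, so computing it once before the loop would make the TLS/DTLS split easier to audit. The body of `ssl_cipher_collect_ciphers` begins and ends outside this hunk, so the cipher-table values of `min_tls`/`min_dtls` that this filter relies on are not visible here.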