diff options
| author | Parménides GV <parmegv@sdf.org> | 2014-09-26 09:46:26 +0200 |
|---|---|---|
| committer | Parménides GV <parmegv@sdf.org> | 2014-09-26 09:46:26 +0200 |
| commit | 394451dbae3e71282611058e00b5fd16c865f147 (patch) | |
| tree | 17b71034d9350a2848603f5edf0a8b13025909be /app/openssl/ssl/s3_lib.c | |
| parent | 644fd02cf8da95b0b5a99fb9f2142628dd27f7c2 (diff) | |
Revert "Updated native subprojects from ics-openvpn."
This reverts commit d0e7ba3029b2fd42582413aa95773fe7dbdede90.
I'll postpone this work for the next cycle, it's not trivial because it doesn't link properly.
Diffstat (limited to 'app/openssl/ssl/s3_lib.c')
| -rw-r--r-- | app/openssl/ssl/s3_lib.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/app/openssl/ssl/s3_lib.c b/app/openssl/ssl/s3_lib.c index 896d1e19..f84da7f5 100644 --- a/app/openssl/ssl/s3_lib.c +++ b/app/openssl/ssl/s3_lib.c @@ -2828,34 +2828,35 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ #ifndef OPENSSL_NO_PSK /* ECDH PSK ciphersuites from RFC 5489 */ - /* Cipher C035 */ + + /* Cipher C037 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256, SSL_kEECDH, SSL_aPSK, SSL_AES128, - SSL_SHA1, + SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256, 128, 128, }, - /* Cipher C036 */ + /* Cipher C038 */ { 1, - TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384, SSL_kEECDH, SSL_aPSK, SSL_AES256, - SSL_SHA1, + SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384, 256, 256, }, @@ -3411,6 +3412,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; #endif case SSL_CTRL_CHANNEL_ID: + if (!s->server) + break; s->tlsext_channel_id_enabled = 1; ret = 1; break; @@ -3426,7 +3429,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } if (s->tlsext_channel_id_private) EVP_PKEY_free(s->tlsext_channel_id_private); - s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); + s->tlsext_channel_id_private = (EVP_PKEY*) parg; ret = 1; break; @@ -3741,7 +3744,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } if (ctx->tlsext_channel_id_private) EVP_PKEY_free(ctx->tlsext_channel_id_private); - ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); + ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; break; default: |