summaryrefslogtreecommitdiff
path: root/main/openssl/ssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'main/openssl/ssl/s3_lib.c')
-rw-r--r--main/openssl/ssl/s3_lib.c51
1 files changed, 28 insertions, 23 deletions
diff --git a/main/openssl/ssl/s3_lib.c b/main/openssl/ssl/s3_lib.c
index dca9858d..c378dd60 100644
--- a/main/openssl/ssl/s3_lib.c
+++ b/main/openssl/ssl/s3_lib.c
@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2426,13 +2426,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
SSL_kSRP,
- SSL_aNULL,
+ SSL_aSRP,
SSL_3DES,
SSL_SHA1,
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168,
+ 112,
168,
},
@@ -2474,7 +2474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
SSL_kSRP,
- SSL_aNULL,
+ SSL_aSRP,
SSL_AES128,
SSL_SHA1,
SSL_TLSV1,
@@ -2522,7 +2522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
SSL_kSRP,
- SSL_aNULL,
+ SSL_aSRP,
SSL_AES256,
SSL_SHA1,
SSL_TLSV1,
@@ -3952,10 +3952,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
emask_k = cert->export_mask_k;
emask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_SRP
- mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
- emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+ if (s->srp_ctx.srp_Mask & SSL_kSRP)
+ {
+ mask_k |= SSL_kSRP;
+ emask_k |= SSL_kSRP;
+ mask_a |= SSL_aSRP;
+ emask_a |= SSL_aSRP;
+ }
#endif
-
+
#ifdef KSSL_DEBUG
/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
#endif /* KSSL_DEBUG */