diff options
| author | marha <marha@users.sourceforge.net> | 2014-02-07 23:46:30 +0100 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2014-02-07 23:46:30 +0100 |
| commit | 6daf40f6b1138efad98dbb579cd35520cbc349bb (patch) | |
| tree | 7f45dbb347f5e1a73b18a720633b9d801c968490 /openssl/ssl/s3_lib.c | |
| parent | 5c64f94cf4cf8457a5616fe20b9a27174895f1a8 (diff) | |
| parent | 982ac918afe6a1c02d5cf735d7b6c56443a048cc (diff) | |
| download | vcxsrv-6daf40f6b1138efad98dbb579cd35520cbc349bb.tar.gz vcxsrv-6daf40f6b1138efad98dbb579cd35520cbc349bb.tar.bz2 vcxsrv-6daf40f6b1138efad98dbb579cd35520cbc349bb.zip | |
Merge remote-tracking branch 'origin/released'
* origin/released:
xkbcomp xkeyboard-config libxcb libxtrans fontconfig libX11 libxcb mesa xserver git update 7 Feb 2014
Conflicts:
mesalib/src/glsl/glcpp/glcpp.c
openssl/Makefile
Diffstat (limited to 'openssl/ssl/s3_lib.c')
| -rw-r--r-- | openssl/ssl/s3_lib.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/openssl/ssl/s3_lib.c b/openssl/ssl/s3_lib.c index e7c5dcb80..c4ef2738d 100644 --- a/openssl/ssl/s3_lib.c +++ b/openssl/ssl/s3_lib.c @@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES128, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 128, 128, @@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_AES256, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 256, 256, @@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s) s->s3->tmp.ecdh = NULL; } #endif +#ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_EC + s->s3->is_probably_safari = 0; +#endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_TLSEXT */ rp = s->s3->rbuf.buf; wp = s->s3->wbuf.buf; @@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ii=sk_SSL_CIPHER_find(allow,c); if (ii >= 0) { +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) + if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) + { + if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); + continue; + } +#endif ret=sk_SSL_CIPHER_value(allow,ii); break; } @@ -4274,7 +4286,7 @@ need to go to SSL_ST_ACCEPT. long ssl_get_algorithm2(SSL *s) { long alg2 = s->s3->tmp.new_cipher->algorithm2; - if (TLS1_get_version(s) >= TLS1_2_VERSION && + if (s->method->version == TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; |