diff options
| author | marha <marha@users.sourceforge.net> | 2012-06-15 14:13:55 +0200 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2012-06-15 14:13:55 +0200 |
| commit | 1501699f035761714a1d4540d65a1afb7c567abe (patch) | |
| tree | 4dd4d15583d9d542a699833331f34ceb10bbd6c3 /openssl/ssl/ssl_ciph.c | |
| parent | 38c18d1733e4eb5cc560a34bfe2470e01a06205d (diff) | |
| parent | a33de30073bfa0ee1abba186dba9fa52cf0aa23a (diff) | |
| download | vcxsrv-1501699f035761714a1d4540d65a1afb7c567abe.tar.gz vcxsrv-1501699f035761714a1d4540d65a1afb7c567abe.tar.bz2 vcxsrv-1501699f035761714a1d4540d65a1afb7c567abe.zip | |
Merge remote-tracking branch 'origin/released'
Conflicts:
freetype/src/raster/ftraster.c
openssl/Makefile
Diffstat (limited to 'openssl/ssl/ssl_ciph.c')
| -rw-r--r-- | openssl/ssl/ssl_ciph.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c index ac643c928..92d1e94d6 100644 --- a/openssl/ssl/ssl_ciph.c +++ b/openssl/ssl/ssl_ciph.c @@ -616,18 +616,24 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, { const EVP_CIPHER *evp; - if (s->ssl_version >= TLS1_VERSION && - c->algorithm_enc == SSL_RC4 && + if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || + s->ssl_version < TLS1_VERSION) + return 1; + +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return 1; +#endif + + if (c->algorithm_enc == SSL_RC4 && c->algorithm_mac == SSL_MD5 && (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) *enc = evp, *md = NULL; - else if (s->ssl_version >= TLS1_VERSION && - c->algorithm_enc == SSL_AES128 && + else if (c->algorithm_enc == SSL_AES128 && c->algorithm_mac == SSL_SHA1 && (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) *enc = evp, *md = NULL; - else if (s->ssl_version >= TLS1_VERSION && - c->algorithm_enc == SSL_AES256 && + else if (c->algorithm_enc == SSL_AES256 && c->algorithm_mac == SSL_SHA1 && (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) *enc = evp, *md = NULL; |