aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/ssl/ssl_ciph.c')
-rw-r--r--openssl/ssl/ssl_ciph.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c
index b038c55ae..2cc9a4a21 100644
--- a/openssl/ssl/ssl_ciph.c
+++ b/openssl/ssl/ssl_ciph.c
@@ -235,8 +235,8 @@ static const SSL_CIPHER cipher_aliases[] = {
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0,
- 0, 0, 0, 0},
+ {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
+ SSL_EXP_MASK, 0, 0, 0},
/*
* key exchange aliases (some of those using only a single bit here
@@ -1027,6 +1027,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
if (cipher_id && cipher_id != cp->id)
continue;
#endif
+ if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
+ goto ok;
+ if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
+ goto ok;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -1045,6 +1049,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
continue;
}
+ ok:
+
#ifdef CIPHER_DEBUG
fprintf(stderr, "Action = %d\n", rule);
#endif