Don't advertise ECC ciphersuits in SSLv2 compatible client hello. PR#3374
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 3bf7283..f3c29d1 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c
@@ -107,6 +107,13 @@ long l; /* We can write SSLv2 and SSLv3 ciphers */ + /* but no ECC ciphers */ + if (c->algorithm_mkey == SSL_kECDHr || + c->algorithm_mkey == SSL_kECDHe || + c->algorithm_mkey == SSL_kEECDH || + c->algorithm_auth == SSL_aECDH || + c->algorithm_auth == SSL_aECDSA) + return 0; if (p != NULL) { l=c->id;