Don't advertise ECC ciphersuits in SSLv2 compatible client hello. PR#3374

commit: 0436369fccd128cb7f6a8538d5fed1c876c437af [log] [tgz]
author: Tomas Mraz <tmraz@redhat.com> Fri Jun 27 16:49:22 2014 +0100
committer: Dr. Stephen Henson <steve@openssl.org> Fri Jun 27 16:51:26 2014 +0100
tree: 546c3da9e3f39d45a0d57ac234dfbfdc254bdee4
parent: 0535c2d67ca2d684087ef90be35d5fb207aab227 [diff] [blame]
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index 3bf7283..f3c29d1 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c

@@ -107,6 +107,13 @@
 	long l;
 
 	/* We can write SSLv2 and SSLv3 ciphers */
+	/* but no ECC ciphers */
+	if (c->algorithm_mkey == SSL_kECDHr ||
+		c->algorithm_mkey == SSL_kECDHe ||
+		c->algorithm_mkey == SSL_kEECDH ||
+		c->algorithm_auth == SSL_aECDH ||
+		c->algorithm_auth == SSL_aECDSA)
+		return 0;
 	if (p != NULL)
 		{
 		l=c->id;
commit	0436369fccd128cb7f6a8538d5fed1c876c437af	[log] [tgz]
author	Tomas Mraz <tmraz@redhat.com>	Fri Jun 27 16:49:22 2014 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	Fri Jun 27 16:51:26 2014 +0100
tree	546c3da9e3f39d45a0d57ac234dfbfdc254bdee4
parent	0535c2d67ca2d684087ef90be35d5fb207aab227 [diff] [blame]