Make TLS 1.2 ciphers work again. Since s->method does not reflect the final client version when a client hello is sent for SSLv23_client_method it can't be relied on to indicate if TLS 1.2 ciphers should be used. So use the client version instead.

commit: 1e2d4cb0e181ca6414b57c3e9a233bfa196d90a6 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Thu Apr 04 18:19:18 2013 +0100
committer: Dr. Stephen Henson <steve@openssl.org> Thu Apr 04 18:21:58 2013 +0100
tree: 0838ada474956b2709fd29f22d6945343ac1c9b4
parent: 99cda4376e75382f2b585bcb569080a225273e49 [diff] [blame]
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 101f4e9..f1cbc6f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h

@@ -453,6 +453,12 @@
  */
 #define SSL_USE_TLS1_2_CIPHERS(s)	\
 		(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)	\
+		((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \
+		(!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC	0
commit	1e2d4cb0e181ca6414b57c3e9a233bfa196d90a6	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Thu Apr 04 18:19:18 2013 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	Thu Apr 04 18:21:58 2013 +0100
tree	0838ada474956b2709fd29f22d6945343ac1c9b4
parent	99cda4376e75382f2b585bcb569080a225273e49 [diff] [blame]