Make TLS 1.2 ciphers work again. Since s->method does not reflect the final client version when a client hello is sent for SSLv23_client_method it can't be relied on to indicate if TLS 1.2 ciphers should be used. So use the client version instead.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8cb018d..31daa50 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -1010,7 +1010,7 @@ c->mask_a = 0; c->mask_k = 0; /* Don't allow TLS 1.2 only ciphers if we don't suppport them */ - if (!SSL_USE_TLS1_2_CIPHERS(s)) + if (!SSL_CLIENT_USE_TLS1_2_CIPHERS(s)) c->mask_ssl = SSL_TLSV1_2; else c->mask_ssl = 0;