Make use of SSL_IS_DTLS, SSL_USE_EXPLICIT_IV, SSL_USE_SIGALGS and

SSL_USE_TLS1_2_CIPHERS. Largely based on OpenSSL head.
author: jsing <jsing@openbsd.org> 2014-05-30 14:01:11 +0000
committer: jsing <jsing@openbsd.org> 2014-05-30 14:01:11 +0000
commit: e27a4fbc59fc24c61dde4d346e8ef3d550365271 (patch)
tree: 74edb1578efc479481873499374fc09897f580d8 /lib/libssl/s3_lib.c
parent: SBus glue for qlw(4) for sparc. Untested. (diff)
download: wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.tar.xz
wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 2c15a87269b..da69caa6dd9 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -3022,9 +3022,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 	for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
 		c = sk_SSL_CIPHER_value(prio, i);
 
-		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+		/* Skip TLS v1.2 only ciphersuites if not supported. */
 		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
-		    (TLS1_get_version(s) < TLS1_2_VERSION))
+		    !SSL_USE_TLS1_2_CIPHERS(s))
 			continue;
 
 		ssl_set_cert_masks(cert, c);
author	jsing <jsing@openbsd.org>	2014-05-30 14:01:11 +0000
committer	jsing <jsing@openbsd.org>	2014-05-30 14:01:11 +0000
commit	e27a4fbc59fc24c61dde4d346e8ef3d550365271 (patch)
tree	74edb1578efc479481873499374fc09897f580d8 /lib/libssl/s3_lib.c
parent	SBus glue for qlw(4) for sparc. Untested. (diff)
download	wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.tar.xz wireguard-openbsd-e27a4fbc59fc24c61dde4d346e8ef3d550365271.zip