jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Update openssl-pre2.patch

openssl-1.1.1
Hakase 2018-04-08 03:31:00 +09:00
parent e95167cfd2
commit 8ac8a02cde
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
openssl-pre2.patch
View File

@ -150,21 +150,19 @@ diff -urN 1/ssl/s3_lib.c 2/ssl/s3_lib.c
/*
* Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4211,16 +4191,24 @@
}
#endif
@@ -4214,13 +4194,22 @@
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
+ /* Skip 3DES over TLS v1.0 */
+ if (c->algorithm_enc == SSL_3DES &&
+ (s->version != TLS1_VERSION &&
+ (s->version != TLS1_VERSION &&
+ s->version != DTLS1_VERSION))
+ ok = 0;
+ /* not use ECDSA under TLS v1.2 */
+ // if ((alg_a & SSL_aECDSA) && s->version != TLS1_2_VERSION) ok = 0;
+ if ((alg_a & SSL_aRSA) && (alg_k & SSL_kRSA) && s->version == TLS1_2_VERSION) ok = 0;
+
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)