From d9d5a12823d4ad9862f7626506236059f0d71f4f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 27 Jun 2014 16:49:22 +0100 Subject: [PATCH] Don't advertise ECC ciphersuits in SSLv2 compatible client hello. PR#3374 (cherry picked from commit 0436369fccd128cb7f6a8538d5fed1c876c437af) --- ssl/s23_lib.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 3bf728318a..f3c29d1dde 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) long l; /* We can write SSLv2 and SSLv3 ciphers */ + /* but no ECC ciphers */ + if (c->algorithm_mkey == SSL_kECDHr || + c->algorithm_mkey == SSL_kECDHe || + c->algorithm_mkey == SSL_kEECDH || + c->algorithm_auth == SSL_aECDH || + c->algorithm_auth == SSL_aECDSA) + return 0; if (p != NULL) { l=c->id;