Don't alow TLS v1.0 ciphersuites for SSLv3

This disables some ciphersuites which aren't supported in SSL v3: specifically PSK ciphersuites which use SHA256 or SHA384 for the MAC. Thanks to the Open Crypto Audit Project for identifying this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-11-13 14:37:24 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-11-14 00:06:32 +0000
commit: 2b573382f8e54aa03a1d8ffd48fa9d0a04609184 (patch)
tree: e509f3bb087dbdbf11ab5ef2e5d134e82e68387a /ssl/ssl_ciph.c
parent: 5e3d21fef150f020e2d33439401da8f7e311aa24 (diff)
download: openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.zip
openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.tar.gz
openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 5d0ec23..e386577 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1621,6 +1621,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 
     if (alg_ssl & SSL_SSLV3)
         ver = "SSLv3";
+    else if (alg_ssl & SSL_TLSV1)
+        ver = "TLSv1.0";
     else if (alg_ssl & SSL_TLSV1_2)
         ver = "TLSv1.2";
     else
author	Dr. Stephen Henson <steve@openssl.org>	2015-11-13 14:37:24 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-11-14 00:06:32 +0000
commit	2b573382f8e54aa03a1d8ffd48fa9d0a04609184 (patch)
tree	e509f3bb087dbdbf11ab5ef2e5d134e82e68387a /ssl/ssl_ciph.c
parent	5e3d21fef150f020e2d33439401da8f7e311aa24 (diff)
download	openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.zip openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.tar.gz openssl-2b573382f8e54aa03a1d8ffd48fa9d0a04609184.tar.bz2