diff options
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index d7a6f95..522f0e6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1072,14 +1072,6 @@ void ssl_set_client_disabled(SSL *s) if (s->client_version == SSL3_VERSION) s->s3->tmp.mask_ssl |= SSL_TLSV1; ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); - /* - * Disable static DH if we don't include any appropriate signature - * algorithms. - */ - if (s->s3->tmp.mask_a & SSL_aRSA) - s->s3->tmp.mask_k |= SSL_kECDHr; - if (s->s3->tmp.mask_a & SSL_aECDSA) - s->s3->tmp.mask_k |= SSL_kECDHe; # ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { @@ -1130,8 +1122,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK) - || (alg_a & SSL_aECDSA))) { + if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) + || (alg_a & SSL_aECDSA)) { using_ecc = 1; break; } @@ -1507,8 +1499,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, #ifndef OPENSSL_NO_EC unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) - || (alg_a & SSL_aECDSA); + int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); #endif @@ -2815,8 +2806,7 @@ int ssl_check_serverhello_tlsext(SSL *s) && (s->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) - && ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) - || (alg_a & SSL_aECDSA))) { + && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list; |