diff options
Diffstat (limited to 'ssl/ssl_ciph.c')
| -rw-r--r-- | ssl/ssl_ciph.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cb559d987f60..56dd43721e10 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -235,8 +235,7 @@ static const SSL_CIPHER cipher_aliases[] = { * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, - SSL_EXP_MASK, 0, 0, 0}, + {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0}, /* * key exchange aliases (some of those using only a single bit here @@ -1000,10 +999,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); #endif - if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) - goto ok; - if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) - goto ok; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -1020,10 +1015,11 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) continue; + if ((algo_strength & SSL_NOT_DEFAULT) + && !(cp->algo_strength & SSL_NOT_DEFAULT)) + continue; } - ok: - #ifdef CIPHER_DEBUG fprintf(stderr, "Action = %d\n", rule); #endif @@ -1307,6 +1303,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ca_list[j]->algo_strength & SSL_STRONG_MASK; } + if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) { + algo_strength |= SSL_NOT_DEFAULT; + } + if (ca_list[j]->valid) { /* * explicit ciphersuite found; its protocol version does not |