summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/ssl_sigalgs.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index f969e4f551..9c38a076ac 100644
--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sigalgs.c,v 1.44 2022/06/29 07:54:54 tb Exp $ */ 1/* $OpenBSD: ssl_sigalgs.c,v 1.45 2022/06/29 07:55:59 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -272,6 +272,9 @@ ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level)
272static const struct ssl_sigalg * 272static const struct ssl_sigalg *
273ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey) 273ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
274{ 274{
275 if (SSL_get_security_level(s) > 1)
276 return NULL;
277
275 /* Default signature algorithms used for TLSv1.2 and earlier. */ 278 /* Default signature algorithms used for TLSv1.2 and earlier. */
276 switch (EVP_PKEY_id(pkey)) { 279 switch (EVP_PKEY_id(pkey)) {
277 case EVP_PKEY_RSA: 280 case EVP_PKEY_RSA:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 23:26:27 +0000