summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c34
1 files changed, 23 insertions, 11 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index b73b5ac87f..c4ef2738d7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1125,7 +1125,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1125 0, /* not implemented (non-ephemeral DH) */ 1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, 1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256, 1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHr, 1128 SSL_kDHd,
1129 SSL_aDH, 1129 SSL_aDH,
1130 SSL_AES128, 1130 SSL_AES128,
1131 SSL_SHA256, 1131 SSL_SHA256,
@@ -1407,7 +1407,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1407 0, /* not implemented (non-ephemeral DH) */ 1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, 1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256, 1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHr, 1410 SSL_kDHd,
1411 SSL_aDH, 1411 SSL_aDH,
1412 SSL_AES256, 1412 SSL_AES256,
1413 SSL_SHA256, 1413 SSL_SHA256,
@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1683 SSL_3DES, 1683 SSL_3DES,
1684 SSL_SHA1, 1684 SSL_SHA1,
1685 SSL_TLSV1, 1685 SSL_TLSV1,
1686 SSL_NOT_EXP|SSL_HIGH, 1686 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688 168, 1688 168,
1689 168, 1689 168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1699 SSL_AES128, 1699 SSL_AES128,
1700 SSL_SHA1, 1700 SSL_SHA1,
1701 SSL_TLSV1, 1701 SSL_TLSV1,
1702 SSL_NOT_EXP|SSL_HIGH, 1702 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704 128, 1704 128,
1705 128, 1705 128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1715 SSL_AES256, 1715 SSL_AES256,
1716 SSL_SHA1, 1716 SSL_SHA1,
1717 SSL_TLSV1, 1717 SSL_TLSV1,
1718 SSL_NOT_EXP|SSL_HIGH, 1718 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720 256, 1720 256,
1721 256, 1721 256,
@@ -1958,7 +1958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1958 0, 1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, 1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, 1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHr, 1961 SSL_kDHd,
1962 SSL_aDH, 1962 SSL_aDH,
1963 SSL_AES128GCM, 1963 SSL_AES128GCM,
1964 SSL_AEAD, 1964 SSL_AEAD,
@@ -1974,7 +1974,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1974 0, 1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, 1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, 1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHr, 1977 SSL_kDHd,
1978 SSL_aDH, 1978 SSL_aDH,
1979 SSL_AES256GCM, 1979 SSL_AES256GCM,
1980 SSL_AEAD, 1980 SSL_AEAD,
@@ -2669,7 +2669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2669 1, 2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, 2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, 2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHe, 2672 SSL_kECDHr,
2673 SSL_aECDH, 2673 SSL_aECDH,
2674 SSL_AES128, 2674 SSL_AES128,
2675 SSL_SHA256, 2675 SSL_SHA256,
@@ -2685,7 +2685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2685 1, 2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, 2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, 2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHe, 2688 SSL_kECDHr,
2689 SSL_aECDH, 2689 SSL_aECDH,
2690 SSL_AES256, 2690 SSL_AES256,
2691 SSL_SHA384, 2691 SSL_SHA384,
@@ -2799,7 +2799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2799 1, 2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, 2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHe, 2802 SSL_kECDHr,
2803 SSL_aECDH, 2803 SSL_aECDH,
2804 SSL_AES128GCM, 2804 SSL_AES128GCM,
2805 SSL_AEAD, 2805 SSL_AEAD,
@@ -2815,7 +2815,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
2815 1, 2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, 2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHe, 2818 SSL_kECDHr,
2819 SSL_aECDH, 2819 SSL_aECDH,
2820 SSL_AES256GCM, 2820 SSL_AES256GCM,
2821 SSL_AEAD, 2821 SSL_AEAD,
@@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s)
3037 s->s3->tmp.ecdh = NULL; 3037 s->s3->tmp.ecdh = NULL;
3038 } 3038 }
3039#endif 3039#endif
3040#ifndef OPENSSL_NO_TLSEXT
3041#ifndef OPENSSL_NO_EC
3042 s->s3->is_probably_safari = 0;
3043#endif /* !OPENSSL_NO_EC */
3044#endif /* !OPENSSL_NO_TLSEXT */
3040 3045
3041 rp = s->s3->rbuf.buf; 3046 rp = s->s3->rbuf.buf;
3042 wp = s->s3->wbuf.buf; 3047 wp = s->s3->wbuf.buf;
@@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4016 ii=sk_SSL_CIPHER_find(allow,c); 4021 ii=sk_SSL_CIPHER_find(allow,c);
4017 if (ii >= 0) 4022 if (ii >= 0)
4018 { 4023 {
4024#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4025 if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
4026 {
4027 if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
4028 continue;
4029 }
4030#endif
4019 ret=sk_SSL_CIPHER_value(allow,ii); 4031 ret=sk_SSL_CIPHER_value(allow,ii);
4020 break; 4032 break;
4021 } 4033 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:51:35 +0000