diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 15 | 
1 files changed, 1 insertions, 14 deletions
| diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index ed2e78bdcc..ed5ac725a2 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -617,11 +617,6 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 617 | s->ssl_version < TLS1_VERSION) | 617 | s->ssl_version < TLS1_VERSION) | 
| 618 | return 1; | 618 | return 1; | 
| 619 | 619 | ||
| 620 | #ifdef OPENSSL_FIPS | ||
| 621 | if (FIPS_mode()) | ||
| 622 | return 1; | ||
| 623 | #endif | ||
| 624 | |||
| 625 | if (c->algorithm_enc == SSL_RC4 && | 620 | if (c->algorithm_enc == SSL_RC4 && | 
| 626 | c->algorithm_mac == SSL_MD5 && | 621 | c->algorithm_mac == SSL_MD5 && | 
| 627 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) | 622 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) | 
| @@ -798,9 +793,6 @@ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | |||
| 798 | c = ssl_method->get_cipher(i); | 793 | c = ssl_method->get_cipher(i); | 
| 799 | /* drop those that use any of that is not available */ | 794 | /* drop those that use any of that is not available */ | 
| 800 | if ((c != NULL) && c->valid && | 795 | if ((c != NULL) && c->valid && | 
| 801 | #ifdef OPENSSL_FIPS | ||
| 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && | ||
| 803 | #endif | ||
| 804 | !(c->algorithm_mkey & disabled_mkey) && | 796 | !(c->algorithm_mkey & disabled_mkey) && | 
| 805 | !(c->algorithm_auth & disabled_auth) && | 797 | !(c->algorithm_auth & disabled_auth) && | 
| 806 | !(c->algorithm_enc & disabled_enc) && | 798 | !(c->algorithm_enc & disabled_enc) && | 
| @@ -1461,12 +1453,7 @@ const char *rule_str) | |||
| 1461 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | 1453 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | 
| 1462 | */ | 1454 | */ | 
| 1463 | for (curr = head; curr != NULL; curr = curr->next) { | 1455 | for (curr = head; curr != NULL; curr = curr->next) { | 
| 1464 | #ifdef OPENSSL_FIPS | 1456 | if (curr->active) { | 
| 1465 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | ||
| 1466 | #else | ||
| 1467 | if (curr->active) | ||
| 1468 | #endif | ||
| 1469 | { | ||
| 1470 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1457 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 
| 1471 | #ifdef CIPHER_DEBUG | 1458 | #ifdef CIPHER_DEBUG | 
| 1472 | printf("<%s>\n", curr->cipher->name); | 1459 | printf("<%s>\n", curr->cipher->name); | 
