Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_seclevel.c | 13 |
1 files changed, 11 insertions, 2 deletions
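diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index 4ccd957689..957ebc7ca5 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_seclevel.c,v 1.22 2022/07/07 17:08:28 tb Exp $ */
+/* $OpenBSD: ssl_seclevel.c,v 1.23 2022/07/19 18:55:12 tb Exp $ */
 /*
 * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
 *
@@ -112,10 +112,13 @@ ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
 if (cipher->algorithm_auth & SSL_aNULL)
 return 0;
 
+if (cipher->algorithm_mac & SSL_MD5)
+return 0;
+
 if (security_level <= 1)
 return 1;
 
-if (cipher->algorithm_enc == SSL_RC4)
+if (cipher->algorithm_enc & SSL_RC4)
 return 0;
 
 if (security_level <= 2)
@@ -126,6 +129,12 @@ ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
 cipher->algorithm_ssl != SSL_TLSV1_3)
 return 0;
 
+if (security_level <= 3)
+return 1;
+
+if (cipher->algorithm_mac & SSL_SHA1)
+return 0;
+
 return 1;
 }
 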
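Review bot: The security level each rule belongs to is only implied by its position between the `security_level <= N` early returns, and the two new MAC checks in ssl_security_secop_cipher() have no comment stating it. The `SSL_SHA1` rejection sits after the new `if (security_level <= 3) return 1;`, so it takes effect from level 4; a one-line comment above it such as `/* Level 4 and up: no SHA-1 MACs. */` would record that. The `SSL_MD5` rejection is placed ahead of `if (security_level <= 1)`, so it applies to every level that reaches this point. The function starts outside the hunks, so whether an earlier return exempts lower levels cannot be confirmed from here. A matching comment there (`/* No MD5 MACs at any level that gets this far. */`) would stop a later edit from moving the test below the level-1 return and silently re-admitting MD5 suites.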
