From 8061d307c6ae52d10a70236d0f745ce9734e2620 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 29 Jun 2022 08:38:01 +0000
Subject: Check security level when convertin a cipher list to bytes

ok beck jsing
---
 src/lib/libssl/ssl_ciphers.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
index 3174ae9c26..99f23dff4b 100644
--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.13 2022/02/05 18:18:18 tb Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.14 2022/06/29 08:38:01 tb Exp $ */
 /*
 * Copyright (c) 2015-2017 Doug Hogan
 * Copyright (c) 2015-2018, 2020 Joel Sing
@@ -70,6 +70,9 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
 if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
 max_vers))
 continue;
+ if (!ssl_security(s, SSL_SECOP_CIPHER_CHECK,
+ cipher->strength_bits, 0, cipher))
+ continue;
 if (!CBB_add_u16(cbb, ssl3_cipher_get_value(cipher)))
 return 0;

-- 
cgit v1.2.3-55-g6feb
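Review bot: The added `ssl_security()` check in the second hunk drops a rejected cipher with a bare `continue`, and nothing visible says what the function does when the security level rejects every entry in the list. The rest of the loop and the return path of `ssl_cipher_list_to_bytes()` lie outside the hunk, so it cannot be confirmed here whether an all-filtered list is reported as a failure or serialized as an empty cipher list; that case should be checked and covered by a regress test. A one-line comment above the check would also help the next reader, e.g. `/* Skip ciphers the configured security level does not permit. */`. Presumably the code that parses a peer's cipher list and the code that selects a cipher need the same filter to stay consistent with what is offered here; this commit does not show them.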