vendor/openssl/1.0.2d

author: Jung-uk Kim <jkim@FreeBSD.org> 2015-10-23 19:46:02 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2015-10-23 19:46:02 +0000
commit: e9fcefce9bb70f20c272a996443928c5f6ab8cd8 (patch)
tree: ae816a5a768ec78af3610e509ca39507b33aa9f7 /ssl/s23_srvr.c
parent: c07d7b3a386974c338492659291008bed07948e6 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 50f98dced44f5..470bd3d94f29a 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -402,6 +402,11 @@ int ssl23_get_client_hello(SSL *s)
     /* ensure that TLS_MAX_VERSION is up-to-date */
     OPENSSL_assert(s->version <= TLS_MAX_VERSION);
 
+    if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) {
+        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+               SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+        goto err;
+    }
 #ifdef OPENSSL_FIPS
     if (FIPS_mode() && (s->version < TLS1_VERSION)) {
         SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
author	Jung-uk Kim <jkim@FreeBSD.org>	2015-10-23 19:46:02 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2015-10-23 19:46:02 +0000
commit	e9fcefce9bb70f20c272a996443928c5f6ab8cd8 (patch)
tree	ae816a5a768ec78af3610e509ca39507b33aa9f7 /ssl/s23_srvr.c
parent	c07d7b3a386974c338492659291008bed07948e6 (diff)