mrezai
@ -235,8 +235,7 @@ static const SSL_CIPHER cipher_aliases[] = {
|
||||
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
|
||||
* ALL!)
|
||||
*/
|
||||
{0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
|
||||
SSL_EXP_MASK, 0, 0, 0},
|
||||
{0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
|
||||
|
||||
/*
|
||||
* key exchange aliases (some of those using only a single bit here
|
||||
@ -1030,10 +1029,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
if (cipher_id && cipher_id != cp->id)
|
||||
continue;
|
||||
#endif
|
||||
if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
|
||||
goto ok;
|
||||
if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
|
||||
goto ok;
|
||||
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
|
||||
continue;
|
||||
if (alg_auth && !(alg_auth & cp->algorithm_auth))
|
||||
@ -1050,10 +1045,11 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
if ((algo_strength & SSL_STRONG_MASK)
|
||||
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
|
||||
continue;
|
||||
if ((algo_strength & SSL_NOT_DEFAULT)
|
||||
&& !(cp->algo_strength & SSL_NOT_DEFAULT))
|
||||
continue;
|
||||
}
|
||||
|
||||
ok:
|
||||
|
||||
#ifdef CIPHER_DEBUG
|
||||
fprintf(stderr, "Action = %d\n", rule);
|
||||
#endif
|
||||
@ -1337,6 +1333,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
||||
ca_list[j]->algo_strength & SSL_STRONG_MASK;
|
||||
}
|
||||
|
||||
if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
|
||||
algo_strength |= SSL_NOT_DEFAULT;
|
||||
}
|
||||
|
||||
if (ca_list[j]->valid) {
|
||||
/*
|
||||
* explicit ciphersuite found; its protocol version does not
|
||||
|
||||
Reference in New Issue
Block a user