Revision - 4264ecd - Don't offer or accept ciphersuites that we can't support

Revision 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70 authored by Matt Caswell on 01 May 2020, 08:17:40 UTC, committed by Matt Caswell on 06 May 2020, 10:49:59 UTC

Don't offer or accept ciphersuites that we can't support

We were not correctly detecting whether TLSv1.3 ciphersuites could
actually be supported by the available provider implementations. For
example a FIPS client would still offer CHACHA20-POLY1305 based
ciphersuites even though it couldn't actually use them. Similarly on
the server would try to use CHACHA20-POLY1305 and then fail the
handshake.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)

1 parent 15dd075

Files
Changes

Permalinks

File	Mode	Size
applink.c	-rw-r--r--	3.4 KB
cmp.pl	-rwxr-xr-x	1.2 KB
uplink-common.pl	-rwxr-xr-x	1.1 KB
uplink-ia64.pl	-rwxr-xr-x	1.4 KB
uplink-x86.pl	-rwxr-xr-x	1.0 KB
uplink-x86_64.pl	-rwxr-xr-x	1.7 KB
uplink.c	-rw-r--r--	4.0 KB
uplink.h	-rw-r--r--	2.2 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...