402 |
|
} |
403 |
|
|
404 |
|
cp = ssl2_get_cipher_by_char(p); |
405 |
< |
if (cp == NULL) { |
405 |
> |
if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) { |
406 |
|
ssl2_return_error(s, SSL2_PE_NO_CIPHER); |
407 |
|
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); |
408 |
|
return (-1); |
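Review bot: The added `sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0` test at new line 405 has no comment, although it appears to be the only check here that rejects a cipher which is known to the library but absent from the session's cipher list. I would add `/* The chosen cipher must be in the shared list built from the client hello */` above the `if`. Both rejection causes (unrecognised cipher bytes, and a recognised cipher outside the list) raise the same `SSL_R_NO_CIPHER_MATCH`, so logs cannot separate a malformed message from a selection outside the negotiated set. If that is deliberate, the comment should say so. The check also depends on `s->session->ciphers` being populated before this point, which the hunk does not show. The enclosing function starts and ends outside the hunk.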
687 |
|
prio = cs; |
688 |
|
allow = cl; |
689 |
|
} |
690 |
+ |
|
691 |
+ |
/* Generate list of SSLv2 ciphers shared between client and server */ |
692 |
|
for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) { |
693 |
< |
if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) { |
693 |
> |
const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z); |
694 |
> |
if ((cp->algorithm_ssl & SSL_SSLV2) == 0 || |
695 |
> |
sk_SSL_CIPHER_find(allow, cp) < 0) { |
696 |
|
(void)sk_SSL_CIPHER_delete(prio, z); |
697 |
|
z--; |
698 |
|
} |
700 |
|
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { |
701 |
|
sk_SSL_CIPHER_free(s->session->ciphers); |
702 |
|
s->session->ciphers = prio; |
703 |
+ |
} |
704 |
+ |
|
705 |
+ |
/* Make sure we have at least one cipher in common */ |
706 |
+ |
if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) { |
707 |
+ |
ssl2_return_error(s, SSL2_PE_NO_CIPHER); |
708 |
+ |
SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH); |
709 |
+ |
return -1; |
710 |
|
} |
711 |
|
/* |
712 |
|
* s->session->ciphers should now have a list of ciphers that are on |