summaryrefslogtreecommitdiff
path: root/ssl/ssl_cert.c
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2018-10-12 17:24:14 +0200
committerKurt Roeckx <kurt@roeckx.be>2018-11-10 21:29:36 +0100
commit75b68c9e4e8591a4ebe083cb207aeb121baf549f (patch)
tree8f78d60144e381d969167a4c5dbd1f52422c42e3 /ssl/ssl_cert.c
parent65042182fcafbd4c0dd8fdabaefdf1fd38dc6287 (diff)
downloadopenssl-new-75b68c9e4e8591a4ebe083cb207aeb121baf549f.tar.gz
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #7391
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r--ssl/ssl_cert.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 52a4a7eaad..7d7357fb3a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -951,8 +951,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;
/* Level 3: forward secure ciphersuites only */
- if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
- !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
+ if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
return 0;
break;
}
View Lorry Controller Status