Enable TLS 1.2 ciphers in DTLS 1.2.

[thirdparty/openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b0e91ad3e550ec2d06a10dd984f58a03c595b506..8cb018d65e7ff166e02800229268fc62be23af71 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -178,7 +178,8 @@ SSL3_ENC_METHOD TLSv1_2_enc_data={
        TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
        tls1_alert_code,
        tls1_export_keying_material,
-       SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF,
+       SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|SSL_ENC_FLAG_SHA256_PRF
+               |SSL_ENC_FLAG_TLS1_2_CIPHERS,
        SSL3_HM_HEADER_LENGTH,
        ssl3_set_handshake_header,
        ssl3_handshake_write
@@ -1008,8 +1009,8 @@ void ssl_set_client_disabled(SSL *s)
        int have_rsa = 0, have_dsa = 0, have_ecdsa = 0;
        c->mask_a = 0;
        c->mask_k = 0;
-       /* If less than TLS 1.2 don't allow TLS 1.2 only ciphers */
-       if (TLS1_get_client_version(s) < TLS1_2_VERSION)
+       /* Don't allow TLS 1.2 only ciphers if we don't suppport them */
+       if (!SSL_USE_TLS1_2_CIPHERS(s))
                c->mask_ssl = SSL_TLSV1_2;
        else
                c->mask_ssl = 0;