Don't filter TLS 1.3 ciphersuites by signing or key exchange algorithm (612ca806) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s3_lib.c

+28 −23

Original line number	Diff line number	Diff line
		@@ -3633,7 +3633,11 @@ const SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,
		(DTLS_VERSION_LT(s->version, c->min_dtls) \|\|
		DTLS_VERSION_GT(s->version, c->max_dtls)))
		continue;

		/*
		* Since TLS 1.3 ciphersuites can be used with any auth or
		* key exchange scheme skip tests.
		*/
		if (!SSL_IS_TLS13(s)) {
		mask_k = s->s3->tmp.mask_k;
		mask_a = s->s3->tmp.mask_a;
		#ifndef OPENSSL_NO_SRP
		@@ -3669,6 +3673,7 @@ const SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,

		if (!ok)
		continue;
		}
		ii = sk_SSL_CIPHER_find(allow, c);
		if (ii >= 0) {
		/* Check security callback permits this cipher */