Hello,
openssl advertises ECC ciphersuites in SSLv2 client hello if ssl23
method is used. This is incorrect because the TLS extensions that
indicate supported curves and point formats cannot be sent in SSLv2
client hello. The attached patch ensures that no ECC ciphersuites are
sent in SSLv2 client hello.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c
--- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200
@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C
long l;
/* We can write SSLv2 and SSLv3 ciphers */
+ /* but no ECC ciphers */
+ if (c->algorithm_mkey == SSL_kECDHr ||
+ c->algorithm_mkey == SSL_kECDHe ||
+ c->algorithm_mkey == SSL_kEECDH ||
+ c->algorithm_auth == SSL_aECDH ||
+ c->algorithm_auth == SSL_aECDSA)
+ return 0;
if (p != NULL)
{
l=c->id;
