CVSROOT:        /cvs
Module name:    src
Changes by:   2016/09/19 22:25:09

Modified files:
        lib/libssl     : ssl_lib.c 

Log message:
Avoid selecting weak digests for (EC)DH when using SNI.

from OpenSSL:

SSL_set_SSL_CTX is normally called for SNI after ClientHello has
received and the digest to use for each certificate has been decided.
The original ssl->cert contains the negotiated digests and is now
copied to the new ssl->cert.

noted by David Benjamin and Kinichiro Inoguchi

Reply via email to