mirror of
https://github.com/openssl/openssl.git
synced 2025-03-01 19:28:10 +08:00
ce0b307ea0
In ssl_create_cipher_list() we make a pass through the ciphers to remove those which are disabled in the current libctx. We are careful to not include such disabled TLS 1.3 ciphers in the final consolidated cipher list that we produce, but the disabled ciphers are still kept in the separate stack of TLS 1.3 ciphers associated with the SSL or SSL_CTX in question. This leads to confusing results where a cipher is present in the tls13_cipherlist but absent from the actual cipher list in use. Keep the books in order and remove the disabled ciphers from the 1.3 cipherlist at the same time we skip adding them to the active cipher list. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12037) |
||
|---|---|---|
| .. | ||
| record | ||
| statem | ||
| bio_ssl.c | ||
| build.info | ||
| d1_lib.c | ||
| d1_msg.c | ||
| d1_srtp.c | ||
| ktls.c | ||
| methods.c | ||
| pqueue.c | ||
| s3_cbc.c | ||
| s3_enc.c | ||
| s3_lib.c | ||
| s3_msg.c | ||
| ssl_asn1.c | ||
| ssl_cert_table.h | ||
| ssl_cert.c | ||
| ssl_ciph.c | ||
| ssl_conf.c | ||
| ssl_err_legacy.c | ||
| ssl_err.c | ||
| ssl_init.c | ||
| ssl_lib.c | ||
| ssl_local.h | ||
| ssl_mcnf.c | ||
| ssl_rsa_legacy.c | ||
| ssl_rsa.c | ||
| ssl_sess.c | ||
| ssl_stat.c | ||
| ssl_txt.c | ||
| ssl_utst.c | ||
| sslerr.h | ||
| t1_enc.c | ||
| t1_lib.c | ||
| t1_trce.c | ||
| tls13_enc.c | ||
| tls_depr.c | ||
| tls_srp.c | ||