summaryrefslogtreecommitdiff
path: root/drivers/builtin_openssl2/ssl/s23_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/builtin_openssl2/ssl/s23_srvr.c')
-rw-r--r--drivers/builtin_openssl2/ssl/s23_srvr.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/builtin_openssl2/ssl/s23_srvr.c b/drivers/builtin_openssl2/ssl/s23_srvr.c
index 50f98dced4..470bd3d94f 100644
--- a/drivers/builtin_openssl2/ssl/s23_srvr.c
+++ b/drivers/builtin_openssl2/ssl/s23_srvr.c
@@ -402,6 +402,11 @@ int ssl23_get_client_hello(SSL *s)
/* ensure that TLS_MAX_VERSION is up-to-date */
OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+ if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ goto err;
+ }
#ifdef OPENSSL_FIPS
if (FIPS_mode() && (s->version < TLS1_VERSION)) {
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-28 15:00:26 +0000