diff options
| -rw-r--r-- | nss_engine_cipher.c | 9 | ||||
| -rw-r--r-- | test/test_cipher.py | 2 |
2 files changed, 11 insertions, 0 deletions
diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c index ffa537e..4b059b0 100644 --- a/nss_engine_cipher.c +++ b/nss_engine_cipher.c @@ -307,6 +307,15 @@ static int parse_openssl_ciphers(server_rec *s, char *ciphers, PRBool cipher_lis } else if (!strcmp(cipher, "aRSA")) { mask |= SSL_aRSA; } else if (!strcmp(cipher, "EDH")) { + /* Normally this is kEDH:-ADH but since we don't + * support ADH this is sufficient. + */ + mask |= SSL_kEDH; + } else if (!strcmp(cipher, "DH")) { + /* non-ephemeral DH. The ciphers are defined + * but not implemented in OpenSSL so manage + * this here. + */ mask |= SSL_kEDH; #if 0 } else if (!strcmp(cipher, "ADH")) { diff --git a/test/test_cipher.py b/test/test_cipher.py index 4e69fc6..f1d39df 100644 --- a/test/test_cipher.py +++ b/test/test_cipher.py @@ -53,6 +53,8 @@ def assert_equal_openssl(ciphers): continue if not ENABLE_GCM and 'GCM' in o: continue + if o.startswith('DH-'): + continue if o in CIPHERS_NOT_IN_NSS: continue t.append(o) |