315     const SSL_CIPHER *cipher = NULL;
405      *   the cipher suite changed in _any_ way (which is straight-forward but
410      *   only if the currently active cipher is no longer contained in the
411      *   reconfigured/new cipher suite. Any other changes are not important
412      *   because it's the servers choice to select a cipher from the ones the
413      *   client supports. So as long as the current cipher is still in the new
414      *   cipher suite we're happy. Because we can assume we would have
416      *   new cipher suite. This approach is fine because the user explicitly
424             cipher = SSL_get_current_cipher(ssl);
456             if ((!cipher && cipher_list) ||
457                 (cipher && !cipher_list))
461             else if (cipher && cipher_list &&
462                      (sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
512                          "Reconfigured cipher suite will force renegotiation");
895             cipher = SSL_get_current_cipher(ssl);
896             if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
898                              "SSL cipher suite not renegotiated: "
899                              "access to %s denied using cipher %s",
901                               SSL_CIPHER_get_name(cipher));

Indexes created Tue Jul 24 14:28:13 CEST 2018