Fix version check

aws · Mar 27, 2024 · a11a75d · a11a75d
1 parent 1535156
commit a11a75d
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
@@ -677,9 +677,12 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
     // never reach this case in normal connection flow, as |choose_cipher|
     // uses |SSL_CIPHER_get_min_version| and |SSL_CIPHER_get_max_version| to
     // filter cipher selection appropriately.
-    //
-    // Additionally enforce that SHA-384 is only used with AES-256.
-    if (!is_tls12 || cipher->algorithm_enc != SSL_AES256) {
+    if(version != TLS1_2_VERSION) {
+      return false;
+    }
+
+    // Enforce that SHA-384 is only used with AES-256.
+    if (cipher->algorithm_enc != SSL_AES256) {
       return false;
     }