From d3f7ddc4862453fa21df23d40fd78c33d69f72b1 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 15 Jul 2016 14:32:24 -0600
Subject: [PATCH] leave off SHA1-RSA/ECDSA signature algorithms when NO_OLD_TLS
 is defined

---
 src/internal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 50de7115f..2efab0250 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -1704,7 +1704,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
             suites->hashSigAlgo[idx++] = sha256_mac;
             suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
         #endif
-        #ifndef NO_SHA
+        #if !defined(NO_SHA) && !defined(NO_OLD_TLS)
             suites->hashSigAlgo[idx++] = sha_mac;
             suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
         #endif
@@ -1723,7 +1723,7 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
             suites->hashSigAlgo[idx++] = sha256_mac;
             suites->hashSigAlgo[idx++] = rsa_sa_algo;
         #endif
-        #ifndef NO_SHA
+        #if !defined(NO_SHA) && !defined(NO_OLD_TLS)
             suites->hashSigAlgo[idx++] = sha_mac;
             suites->hashSigAlgo[idx++] = rsa_sa_algo;
         #endif