tls13: server: Select preferred cipher suite

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-04-01 04:20:45 +00:00 · 2023-02-16 15:35:16 +01:00 · 2023-02-16 15:35:16 +01:00 · 25e9ec61f0
commit 25e9ec61f0
parent fc7ae87ad4
2 changed files with 5 additions and 3 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1383,6 +1383,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
                                  cipher_suite,
                                  ciphersuite_info->name));
+        break;
    }

    if (handshake->ciphersuite_info == NULL) {
@ -1390,6 +1391,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
                                     MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
    }
+    p = cipher_suites_end;

    /* ...
     * opaque legacy_compression_methods<1..2^8-1>;
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -13222,7 +13222,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-run_test    "TLS 1.3: NewSessionTicket: Basic check, G->m" \
+run_test    "TLS 1.3: NewSessionTicket: resumption failure, PSK len too big, G->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
            0 \
@ -13231,9 +13231,9 @@ run_test    "TLS 1.3: NewSessionTicket: Basic check, G->m" \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
+            -s "mbedtls_ssl_set_hs_psk() returned" \
            -s "key exchange mode: ephemeral" \
-            -s "key exchange mode: psk_ephemeral" \
-            -s "found pre_shared_key extension"
+            -S "key exchange mode: psk_ephemeral"

 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
 requires_config_enabled MBEDTLS_SSL_SRV_C