From ddf97a6c92cbfe66264e84addcb60dbd1a1f51d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 16 Sep 2015 09:58:31 +0200
Subject: [PATCH] Skip ECJPAKE suite in ClientHello if no pw set up

When we don't have a password, we want to skip the costly process of generating the extension. So for consistency don't offer the ciphersuite without the extension.
---
 library/ssl_cli.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index cacab330a4..e8cb0f143d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -723,6 +723,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
 continue;
 #endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
+ mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ continue;
+#endif
+
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d", ciphersuites[i] ) );
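Review bot: The added ECJPAKE skip in the ciphersuite loop carries no comment, so the invariant it protects (the suite is offered only when the ECJPAKE extension will also be sent) is recorded only in the commit message. I would put `/* No password set up: the ECJPAKE extension is not generated, so do not offer the suite either */` directly above the new `if`, so that anyone changing the extension-side condition knows this check has to change with it. The skip is also silent: a client configured with only ECJPAKE suites and no password would presumably send a ClientHello offering none of them, with no debug line saying why, so it is worth confirming that case ends in a clear error rather than an opaque handshake failure. The loop in ssl_write_client_hello starts and ends outside this hunk, so the handling of the suite count after the `continue` cannot be checked from here.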