mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-16 04:20:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl_tls.c: Fix ciphersuite selection regarding protocol version

Browse Source 
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-03-30 19:51:43 +02:00
parent 9847338429
commit f735cf1f0f
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_client.c
View File

@ -431,9 +431,11 @@ static int ssl_validate_ciphersuite(
if( suite_info == NULL )
return( 1 );
if( ( suite_info->min_minor_ver > ssl->conf->max_minor_ver ) ||
( suite_info->max_minor_ver < ssl->conf->min_minor_ver ) )
if( ( suite_info->min_minor_ver > ssl->minor_ver ) ||
( suite_info->max_minor_ver < ssl->handshake->min_minor_ver ) )
{
return( 1 );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)