ssl_tls.c: Fix ciphersuite selection regarding protocol version

Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-03-30 19:51:43 +02:00
parent 9847338429
commit f735cf1f0f

View File

@ -431,9 +431,11 @@ static int ssl_validate_ciphersuite(
if( suite_info == NULL )
return( 1 );
if( ( suite_info->min_minor_ver > ssl->conf->max_minor_ver ) ||
( suite_info->max_minor_ver < ssl->conf->min_minor_ver ) )
if( ( suite_info->min_minor_ver > ssl->minor_ver ) ||
( suite_info->max_minor_ver < ssl->handshake->min_minor_ver ) )
{
return( 1 );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)