mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-16 04:20:49 +00:00
ssl_tls.c: Fix ciphersuite selection regarding protocol version
Use the actual minimum and maximum of the minor version to be negotiated to filter ciphersuites to propose rather than the ones from the configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
9847338429
commit
f735cf1f0f
@ -431,9 +431,11 @@ static int ssl_validate_ciphersuite(
|
||||
if( suite_info == NULL )
|
||||
return( 1 );
|
||||
|
||||
if( ( suite_info->min_minor_ver > ssl->conf->max_minor_ver ) ||
|
||||
( suite_info->max_minor_ver < ssl->conf->min_minor_ver ) )
|
||||
if( ( suite_info->min_minor_ver > ssl->minor_ver ) ||
|
||||
( suite_info->max_minor_ver < ssl->handshake->min_minor_ver ) )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
Loading…
x
Reference in New Issue
Block a user