Enable strict cipher suite checking by default. The check is now enabled by default and can be disabled by defining WOLFSSL_NO_STRICT_CIPHER_SUITE.

David Garske 2019-08-16 10:20:25 -07:00
parent e75417fde1
commit eb68ad162b


@ -18172,14 +18172,15 @@ exit_dpk:
ssl->options.cipherSuite = cs1;
compression = input[i++];
#ifdef WOLFSSL_STRICT_CIPHER_SUITE
#ifndef WOLFSSL_NO_STRICT_CIPHER_SUITE
{
word32 idx, found = 0;
/* confirm server_hello cipher suite is one sent in client_hello */
for (idx = 0; idx < ssl->suites->suiteSz; idx += 2) {
if (ssl->suites->suites[idx] == cs0 &&
ssl->suites->suites[idx+1] == cs1) {
found = idx;
found = 1;
break;
}
}
if (!found) {
@ -18187,7 +18188,7 @@ exit_dpk:
return MATCH_SUITE_ERROR;
}
}
#endif
#endif /* !WOLFSSL_NO_STRICT_CIPHER_SUITE */
if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
WOLFSSL_MSG("Server forcing compression w/o support");
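Review bot: The suite-matching loop in the first hunk reads `ssl->suites->suites[idx+1]` while bounding only `idx`, and it dereferences `ssl->suites` with no NULL test visible in the hunk; this matters more now that the block is compiled into every build by default. If `suiteSz` can ever be odd or `ssl->suites` can be unset at this point in the handshake (neither is shown here), bounding the pair costs nothing: `for (idx = 0; idx + 1 < ssl->suites->suiteSz; idx += 2) {`. A short comment at the `#ifndef` would also help builders judge the opt-out, e.g. `/* defining WOLFSSL_NO_STRICT_CIPHER_SUITE accepts a ServerHello suite the client never offered */`. The enclosing function begins and ends outside these hunks.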