Encrypt-then-MAC extension (RFC 7366)

Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
author: Juraj Somorovsky <[email protected]> 2016-05-09 00:48:13 +0200
committer: Juraj Somorovsky <[email protected]> 2016-05-11 07:55:02 +0200
commit: 7c7fcecbe6a94ffaba5752175d8da5e33fbf0d7b (patch)
tree: 5ed7b29e5d3441c26b8aa6b5520ab589f9e05377 /src/lib/tls/tls_client.cpp
parent: 6d327f879c608908ca2c6b9b99f7fd74d498b4ef (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 0423b6536..13dde99c4 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -387,6 +387,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
          new Server_Key_Exchange(contents,
                                  state.ciphersuite().kex_algo(),
                                  state.ciphersuite().sig_algo(),
+                                 policy(),
                                  state.version())
          );
 
@@ -510,6 +511,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
          state.server_hello()->compression_method(),
          CLIENT,
          state.server_hello()->supports_extended_master_secret(),
+         state.server_hello()->supports_encrypt_then_mac(),
          get_peer_cert_chain(state),
          session_ticket,
          m_info,
author	Juraj Somorovsky <[email protected]>	2016-05-09 00:48:13 +0200
committer	Juraj Somorovsky <[email protected]>	2016-05-11 07:55:02 +0200
commit	7c7fcecbe6a94ffaba5752175d8da5e33fbf0d7b (patch)
tree	5ed7b29e5d3441c26b8aa6b5520ab589f9e05377 /src/lib/tls/tls_client.cpp
parent	6d327f879c608908ca2c6b9b99f7fd74d498b4ef (diff)