aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_policy.cpp
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-09-19 10:02:41 -0400
committerJack Lloyd <[email protected]>2016-10-07 15:56:32 -0400
commit13c9dce65807785f9d0d0f33b94803f9807a009b (patch)
tree168b9efe0b40303a362993621d4f73acc38e6d2e /src/lib/tls/tls_policy.cpp
parent36220cebaae551f3e7c22e2abd8a8ce848e56892 (diff)
TLS: Split CBC+HMAC modes to standalone AEAD_Mode
Now record layer only deals with an AEAD, and the weird complications of CBC modes mostly hidden in tls_cbc.cpp
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r--src/lib/tls/tls_policy.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 9646aa320..53ef8e46d 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -352,12 +352,19 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version,
for(auto&& suite : Ciphersuite::all_known_ciphersuites())
{
- if(!acceptable_ciphersuite(suite))
+ // Can we use it?
+ if(suite.valid() == false)
continue;
+ // Is it acceptable to the policy?
+ if(!this->acceptable_ciphersuite(suite))
+ continue;
+
+ // Are we doing SRP?
if(!have_srp && suite.kex_algo() == "SRP_SHA")
continue;
+ // Are we doing AEAD in a non-AEAD version
if(!version.supports_aead_modes() && suite.mac_algo() == "AEAD")
continue;
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 17:59:01 +0000