author | Jack Lloyd <[email protected]> | 2017-09-04 12:48:39 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-09-04 12:48:39 -0400 |
commit | f7a80b1ba0b49eabe5c63bc1105e378ec9abf76b (patch) | |
tree | b32b2f2f09e8260d3b66a4b5ca7074826a00171f /src/lib/tls/tls_policy.cpp | |
parent | 0aa4b524e01e7ae0a9957b1a7689aeea641b3e75 (diff) |
Correct TLS::Policy::latest_supported_version
This would do the wrong thing if TLS v1.2 was disabled but v1.0/v1.1
allowed.
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index ac71024ee..7432b276e 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -261,9 +261,23 @@ bool Policy::acceptable_protocol_version(Protocol_Version version) const
 Protocol_Version Policy::latest_supported_version(bool datagram) const
 {
 if(datagram)
- return Protocol_Version::latest_dtls_version();
+ {
+ if(allow_dtls12())
+ return Protocol_Version::DTLS_V12;
+ if(allow_dtls10())
+ return Protocol_Version::DTLS_V10;
+ throw Invalid_State("Policy forbids all available DTLS version");
+ }
 else
- return Protocol_Version::latest_tls_version();
+ {
+ if(allow_tls12())
+ return Protocol_Version::TLS_V12;
+ if(allow_tls11())
+ return Protocol_Version::TLS_V11;
+ if(allow_tls10())
+ return Protocol_Version::TLS_V10;
+ throw Invalid_State("Policy forbids all available TLS version");
+ }
 }
 
 bool Policy::acceptable_ciphersuite(const Ciphersuite&) const |
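Review bot: `latest_supported_version()` gains a failure path it did not have before, since both branches now end in `throw Invalid_State(...)`, and nothing at the definition tells callers that. I would add a comment above the function such as `// Highest version this policy allows; throws Invalid_State if the policy allows none`, and mirror it on the declaration in the header if that carries a doc comment (not visible here). Callers are outside this diff, so it is worth confirming that they let the exception abort the connection rather than catching it and continuing with some default version, which would bring back the behaviour of offering a version the policy disabled. The two messages also read `all available DTLS version` and `all available TLS version`; `versions` is presumably meant.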