author | Jack Lloyd <[email protected]> | 2016-03-17 14:45:42 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-03-17 14:45:42 -0400 |
commit | cf5c88d07b44ad7c6b8702e7afb387fd8c13c3d3 (patch) | |
tree | 412ccee68bccde59aa47c037c4d4b85510ed2f09 /src/lib/tls/tls_policy.cpp | |
parent | b5d8783fccbd4b6686708fd4f2f84eaada3e8fed (diff) |
Client must verify that the server sent an ECC curve which policy accepts.
Otherwise a MITM who can in real time break any supported ECC curve can
downgrade us.
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index be4c61b16..f88860a71 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -109,6 +109,11 @@ std::vector<std::string> Policy::allowed_ecc_curves() const }; } +bool Policy::allowed_ecc_curve(const std::string& curve) const + { + return value_exists(allowed_ecc_curves(), curve); + } + /* * Choose an ECC curve to use */ |
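Review bot: The added Policy::allowed_ecc_curve() has no comment, unlike the "Choose an ECC curve to use" function right after it, and its name differs from allowed_ecc_curves() by a single letter, so a reader can easily mistake one for the other at a call site. Add a short comment in the file's existing /* ... */ style saying that this is the check the client applies to the curve the server sent, and that the argument is matched as a string against the names returned by allowed_ecc_curves(), so callers must pass the curve name in that same form. The diff shown here is limited to tls_policy.cpp, so the caller is not visible; confirm in the client key exchange code that a false return aborts the handshake rather than being logged or ignored, since the downgrade described in the commit message is only prevented if the result is enforced. Minor: allowed_ecc_curves() returns std::vector<std::string> by value, so each call builds the list again; that is fine for a once-per-handshake check but worth noting if this is ever called in a loop.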