aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-09-04 12:48:39 -0400
committerJack Lloyd <[email protected]>2017-09-04 12:48:39 -0400
commitf7a80b1ba0b49eabe5c63bc1105e378ec9abf76b (patch)
treeb32b2f2f09e8260d3b66a4b5ca7074826a00171f /src/lib/tls
parent0aa4b524e01e7ae0a9957b1a7689aeea641b3e75 (diff)
Correct TLS::Policy::latest_supported_version
This would do the wrong thing if TLS v1.2 was disabled but v1.0/v1.1 allowed.
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tls_policy.cpp18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index ac71024ee..7432b276e 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -261,9 +261,23 @@ bool Policy::acceptable_protocol_version(Protocol_Version version) const
Protocol_Version Policy::latest_supported_version(bool datagram) const
{
if(datagram)
- return Protocol_Version::latest_dtls_version();
+ {
+ if(allow_dtls12())
+ return Protocol_Version::DTLS_V12;
+ if(allow_dtls10())
+ return Protocol_Version::DTLS_V10;
+ throw Invalid_State("Policy forbids all available DTLS version");
+ }
else
- return Protocol_Version::latest_tls_version();
+ {
+ if(allow_tls12())
+ return Protocol_Version::TLS_V12;
+ if(allow_tls11())
+ return Protocol_Version::TLS_V11;
+ if(allow_tls10())
+ return Protocol_Version::TLS_V10;
+ throw Invalid_State("Policy forbids all available TLS version");
+ }
}
bool Policy::acceptable_ciphersuite(const Ciphersuite&) const