diff options
| author | lloyd <[email protected]> | 2012-01-24 15:10:14 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-01-24 15:10:14 +0000 |
| commit | 9e37cd76af978147cbb36faa09b9832b5f15f20a (patch) | |
| tree | 5a198928294a9bde7b7cf5eb43aa5f89e885c25a /src/tls/c_hello.cpp | |
| parent | 92f6a575bca25d8985aa87304e28cd63867310e2 (diff) | |
Send the supported elliptic curves extension. Instead of hardcoding
the values let policy specify them. Also choose an ECC curve for
server kex from the client hello. Choice is via policy, default
implementation is to choose the first curve the client supports out of
the server's preference list.
Diffstat (limited to 'src/tls/c_hello.cpp')
| -rw-r--r-- | src/tls/c_hello.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index 9e3824c57..7397f9122 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -99,6 +99,8 @@ Client_Hello::Client_Hello(Record_Writer& writer, std::vector<std::string> hashes = policy.allowed_hashes(); std::vector<std::string> sigs = policy.allowed_signature_methods(); + m_supported_curves = policy.allowed_ecc_curves(); + for(size_t i = 0; i != hashes.size(); ++i) for(size_t j = 0; j != sigs.size(); ++j) m_supported_algos.push_back(std::make_pair(hashes[i], sigs[j])); @@ -126,7 +128,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, m_suites.push_back(session.ciphersuite_code()); m_comp_methods.push_back(session.compression_method()); - // set m_supported_algos here? + // set m_supported_algos + m_supported_curves here? send(writer, hash); } @@ -173,6 +175,7 @@ MemoryVector<byte> Client_Hello::serialize() const extensions.add(new Renegotation_Extension(m_renegotiation_info)); extensions.add(new Server_Name_Indicator(m_hostname)); extensions.add(new SRP_Identifier(m_srp_identifier)); + extensions.add(new Supported_Elliptic_Curves(m_supported_curves)); if(m_version >= Protocol_Version::TLS_V12) extensions.add(new Signature_Algorithms(m_supported_algos)); |