diff options
author | lloyd <[email protected]> | 2012-01-24 14:54:40 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-24 14:54:40 +0000 |
commit | 92f6a575bca25d8985aa87304e28cd63867310e2 (patch) | |
tree | 772ed25014be71f74482cef8cc55f5dd984ea765 /src/tls/s_hello.cpp | |
parent | d0d097337d652e2205d88e0037725d4aac05eab3 (diff) |
Get the list of supported ECC curves out of the client hello, and
avoid negotiating an ECDH key exchange if the client didn't send any
curves that we know about.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r-- | src/tls/s_hello.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index b027c6cc6..10e3a96fa 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -51,7 +51,9 @@ Server_Hello::Server_Hello(Record_Writer& writer, have_dsa = true; } - suite = policy.choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa, false); + suite = policy.choose_suite(c_hello.ciphersuites(), + !c_hello.supported_ecc_curves().empty(), + have_rsa, have_dsa, false); if(suite == 0) throw TLS_Exception(HANDSHAKE_FAILURE, |