authorlloyd <[email protected]>2012-01-24 14:54:40 +0000
committerlloyd <[email protected]>2012-01-24 14:54:40 +0000
commit92f6a575bca25d8985aa87304e28cd63867310e2 (patch)
tree772ed25014be71f74482cef8cc55f5dd984ea765 /src/tls/s_hello.cpp
parentd0d097337d652e2205d88e0037725d4aac05eab3 (diff)
Get the list of supported ECC curves out of the client hello, and
avoid negotiating an ECDH key exchange if the client didn't send any curves that we know about.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r--src/tls/s_hello.cpp4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index b027c6cc6..10e3a96fa 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -51,7 +51,9 @@ Server_Hello::Server_Hello(Record_Writer& writer,
have_dsa = true;
}
- suite = policy.choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa, false);
+ suite = policy.choose_suite(c_hello.ciphersuites(),
+ !c_hello.supported_ecc_curves().empty(),
+ have_rsa, have_dsa, false);
if(suite == 0)
throw TLS_Exception(HANDSHAKE_FAILURE,
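Review bot: The new second argument, `!c_hello.supported_ecc_curves().empty()`, only tests that the list is non-empty. That matches the commit description ("curves that we know about") only if supported_ecc_curves() has already discarded curves this server does not implement, and that filtering is not visible in this hunk. If the accessor returns the client's list unfiltered, a hello offering only unknown curves would still leave ECDH suites eligible, and the mismatch would presumably surface later in the key exchange instead of falling back to a non-ECC suite here. The call also now passes four adjacent booleans, so a named local such as `const bool have_shared_curve = !c_hello.supported_ecc_curves().empty();`, with a comment stating what the list contains, would make the argument order harder to get wrong. The constructor body starts before the hunk and the throw statement continues past it.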