aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/s_hello.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-24 15:10:14 +0000
committerlloyd <[email protected]>2012-01-24 15:10:14 +0000
commit9e37cd76af978147cbb36faa09b9832b5f15f20a (patch)
tree5a198928294a9bde7b7cf5eb43aa5f89e885c25a /src/tls/s_hello.cpp
parent92f6a575bca25d8985aa87304e28cd63867310e2 (diff)
Send the supported elliptic curves extension. Instead of hardcoding
the values let policy specify them. Also choose an ECC curve for server kex from the client hello. Choice is via policy, default implementation is to choose the first curve the client supports out of the server's preference list.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r--src/tls/s_hello.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp
index 10e3a96fa..7b7e4a753 100644
--- a/src/tls/s_hello.cpp
+++ b/src/tls/s_hello.cpp
@@ -51,9 +51,10 @@ Server_Hello::Server_Hello(Record_Writer& writer,
have_dsa = true;
}
- suite = policy.choose_suite(c_hello.ciphersuites(),
- !c_hello.supported_ecc_curves().empty(),
- have_rsa, have_dsa, false);
+ suite = policy.choose_suite(
+ c_hello.ciphersuites(),
+ policy.choose_curve(c_hello.supported_ecc_curves()) != "",
+ have_rsa, have_dsa, false);
if(suite == 0)
throw TLS_Exception(HANDSHAKE_FAILURE,