diff options
author | lloyd <[email protected]> | 2012-01-24 15:10:14 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-24 15:10:14 +0000 |
commit | 9e37cd76af978147cbb36faa09b9832b5f15f20a (patch) | |
tree | 5a198928294a9bde7b7cf5eb43aa5f89e885c25a /src/tls/s_hello.cpp | |
parent | 92f6a575bca25d8985aa87304e28cd63867310e2 (diff) |
Send the supported elliptic curves extension. Instead of hardcoding
the values let policy specify them. Also choose an ECC curve for
server kex from the client hello. Choice is via policy, default
implementation is to choose the first curve the client supports out of
the server's preference list.
Diffstat (limited to 'src/tls/s_hello.cpp')
-rw-r--r-- | src/tls/s_hello.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 10e3a96fa..7b7e4a753 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -51,9 +51,10 @@ Server_Hello::Server_Hello(Record_Writer& writer, have_dsa = true; } - suite = policy.choose_suite(c_hello.ciphersuites(), - !c_hello.supported_ecc_curves().empty(), - have_rsa, have_dsa, false); + suite = policy.choose_suite( + c_hello.ciphersuites(), + policy.choose_curve(c_hello.supported_ecc_curves()) != "", + have_rsa, have_dsa, false); if(suite == 0) throw TLS_Exception(HANDSHAKE_FAILURE, |