aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/lib/tls/tls_client.cpp2
-rw-r--r--src/lib/tls/tls_policy.cpp5
-rw-r--r--src/tests/unit_tls.cpp6
3 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 4647e11cb..c35149d6b 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -161,7 +161,7 @@ void Client::send_client_hello(Handshake_State& state_base,
Ensure that the session protocol type matches what we want to use
If not skip the resume and establish a new session
*/
- if(version == session_info.version())
+ if(version == session_info.version() && policy().acceptable_ciphersuite(session_info.ciphersuite()))
{
if(srp_identifier == "" || session_info.srp_identifier() == srp_identifier)
{
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index ce87edac1..a46fcee92 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -317,9 +317,10 @@ Protocol_Version Policy::latest_supported_version(bool datagram) const
}
}
-bool Policy::acceptable_ciphersuite(const Ciphersuite&) const
+bool Policy::acceptable_ciphersuite(const Ciphersuite& ciphersuite) const
{
- return true;
+ return value_exists(allowed_ciphers(), ciphersuite.cipher_algo()) &&
+ value_exists(allowed_macs(), ciphersuite.mac_algo());
}
bool Policy::allow_client_initiated_renegotiation() const { return false; }
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index b3aed639d..f82d432b4 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -953,9 +953,9 @@ class TLS_Unit_Tests final : public Test
#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
client_ses.reset(
- new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 5, std::chrono::seconds(2)));
+ new Botan::TLS::Session_Manager_SQLite("client pass", rng, ":memory:", 5, std::chrono::seconds(2)));
server_ses.reset(
- new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 10, std::chrono::seconds(4)));
+ new Botan::TLS::Session_Manager_SQLite("server pass", rng, ":memory:", 10, std::chrono::seconds(4)));
#else
client_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng));
@@ -973,7 +973,7 @@ class TLS_Unit_Tests final : public Test
#if defined(BOTAN_HAS_CAMELLIA)
test_all_versions("Camellia-128 RSA", results, *client_ses, *server_ses,
*creds, "RSA", "Camellia-128", "SHA-256 SHA-1", etm_setting);
- test_all_versions("Camellia-128 RSA SHA-2", results, *client_ses, *server_ses,
+ test_all_versions("Camellia-256 RSA SHA-2", results, *client_ses, *server_ses,
*creds, "RSA", "Camellia-256", "SHA-256 SHA-384 SHA-1", etm_setting);
#endif