diff options
-rw-r--r-- | src/lib/tls/tls_client.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 5 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 6 |
3 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 4647e11cb..c35149d6b 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -161,7 +161,7 @@ void Client::send_client_hello(Handshake_State& state_base, Ensure that the session protocol type matches what we want to use If not skip the resume and establish a new session */ - if(version == session_info.version()) + if(version == session_info.version() && policy().acceptable_ciphersuite(session_info.ciphersuite())) { if(srp_identifier == "" || session_info.srp_identifier() == srp_identifier) { diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index ce87edac1..a46fcee92 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -317,9 +317,10 @@ Protocol_Version Policy::latest_supported_version(bool datagram) const } } -bool Policy::acceptable_ciphersuite(const Ciphersuite&) const +bool Policy::acceptable_ciphersuite(const Ciphersuite& ciphersuite) const { - return true; + return value_exists(allowed_ciphers(), ciphersuite.cipher_algo()) && + value_exists(allowed_macs(), ciphersuite.mac_algo()); } bool Policy::allow_client_initiated_renegotiation() const { return false; } diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index b3aed639d..f82d432b4 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -953,9 +953,9 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) client_ses.reset( - new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 5, std::chrono::seconds(2))); + new Botan::TLS::Session_Manager_SQLite("client pass", rng, ":memory:", 5, std::chrono::seconds(2))); server_ses.reset( - new Botan::TLS::Session_Manager_SQLite("pass", rng, ":memory:", 10, std::chrono::seconds(4))); + new Botan::TLS::Session_Manager_SQLite("server pass", rng, ":memory:", 10, std::chrono::seconds(4))); #else client_ses.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); @@ -973,7 +973,7 @@ class TLS_Unit_Tests final : public Test #if defined(BOTAN_HAS_CAMELLIA) test_all_versions("Camellia-128 RSA", results, *client_ses, *server_ses, *creds, "RSA", "Camellia-128", "SHA-256 SHA-1", etm_setting); - test_all_versions("Camellia-128 RSA SHA-2", results, *client_ses, *server_ses, + test_all_versions("Camellia-256 RSA SHA-2", results, *client_ses, *server_ses, *creds, "RSA", "Camellia-256", "SHA-256 SHA-384 SHA-1", etm_setting); #endif |