Diffstat (limited to 'src/tls/tls_policy.cpp')
-rw-r--r-- | src/tls/tls_policy.cpp | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index 38dd21a55..ea3e4f144 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -47,6 +47,8 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const std::vector<std::string> allowed; //allowed.push_back("SRP"); + //allowed.push_back("DH_PSK"); + //allowed.push_back("PSK"); allowed.push_back("ECDH"); allowed.push_back("DH"); allowed.push_back(""); // means RSA via server cert @@ -223,29 +225,23 @@ u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites, bool have_shared_ecc_curve, bool have_srp) const { - for(size_t i = 0; i != client_suites.size(); ++i) + std::vector<u16bit> ciphersuites = ciphersuite_list(have_srp); + + for(size_t i = 0; i != ciphersuites.size(); ++i) { - const u16bit suite_id = client_suites[i]; + const u16bit suite_id = ciphersuites[i]; Ciphersuite suite = Ciphersuite::lookup_ciphersuite(suite_id); - if(suite.cipher_keylen() == 0) - continue; // not a ciphersuite we know - if(!have_shared_ecc_curve) { if(suite.kex_algo() == "ECDH" || suite.sig_algo() == "ECDSA") continue; } - if(suite.kex_algo() == "SRP") - { - if(have_srp) - return suite_id; - else - continue; - } + if(!value_exists(available_cert_types, suite.sig_algo())) + continue; - if(value_exists(available_cert_types, suite.sig_algo())) + if(value_exists(client_suites, suite_id)) return suite_id; } |
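Review bot: The two commented-out entries added to allowed_key_exchange_methods(), `//allowed.push_back("DH_PSK");` and `//allowed.push_back("PSK");`, give no reason for being disabled. A reader cannot tell whether pre-shared-key exchange is off by policy or simply unfinished. A short comment above them would settle it, for example `// PSK-based key exchange is disabled by default; enable only when the application provides pre-shared keys` (adjust the wording to the actual reason). The function body continues outside the hunk.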
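Review bot: In choose_suite the new `if(!value_exists(available_cert_types, suite.sig_algo())) continue;` now runs for every suite, whereas the removed SRP branch returned before any certificate-type check. If sig_algo() is empty for suites that do not authenticate with a certificate (not visible here, and probably relevant to the PSK methods in the first hunk), those suites can never be selected unless the caller lists that value in available_cert_types. Guarding the filter as `if(suite.sig_algo() != "" && !value_exists(available_cert_types, suite.sig_algo())) continue;` would make the intent explicit. The loop also no longer tests have_srp itself and depends on ciphersuite_list(have_srp) to leave SRP suites out, so a one-line comment saying so, and that selection now follows the server's preference order rather than the client's, would help the next reader. The function body continues past the end of the hunk.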