Diffstat (limited to 'src/tls/tls_policy.cpp')
-rw-r--r--src/tls/tls_policy.cpp22
1 files changed, 9 insertions, 13 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 38dd21a55..ea3e4f144 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -47,6 +47,8 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
std::vector<std::string> allowed;
//allowed.push_back("SRP");
+ //allowed.push_back("DH_PSK");
+ //allowed.push_back("PSK");
allowed.push_back("ECDH");
allowed.push_back("DH");
allowed.push_back(""); // means RSA via server cert
@@ -223,29 +225,23 @@ u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites,
bool have_shared_ecc_curve,
bool have_srp) const
{
- for(size_t i = 0; i != client_suites.size(); ++i)
+ std::vector<u16bit> ciphersuites = ciphersuite_list(have_srp);
+
+ for(size_t i = 0; i != ciphersuites.size(); ++i)
{
- const u16bit suite_id = client_suites[i];
+ const u16bit suite_id = ciphersuites[i];
Ciphersuite suite = Ciphersuite::lookup_ciphersuite(suite_id);
- if(suite.cipher_keylen() == 0)
- continue; // not a ciphersuite we know
-
if(!have_shared_ecc_curve)
{
if(suite.kex_algo() == "ECDH" || suite.sig_algo() == "ECDSA")
continue;
}
- if(suite.kex_algo() == "SRP")
- {
- if(have_srp)
- return suite_id;
- else
- continue;
- }
+ if(!value_exists(available_cert_types, suite.sig_algo()))
+ continue;
- if(value_exists(available_cert_types, suite.sig_algo()))
+ if(value_exists(client_suites, suite_id))
return suite_id;
}