Diffstat (limited to 'src/tls/tls_policy.cpp')
-rw-r--r--src/tls/tls_policy.cpp20
1 files changed, 10 insertions, 10 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index ca6286b72..277f1a64d 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -40,8 +40,8 @@ std::vector<std::string> Policy::allowed_hashes() const
std::vector<std::string> Policy::allowed_key_exchange_methods() const
{
std::vector<std::string> allowed;
- //allowed.push_back("ECDH");
//allowed.push_back("SRP");
+ //allowed.push_back("ECDH");
allowed.push_back("DH");
allowed.push_back(""); // means RSA via server cert
return allowed;
@@ -188,26 +188,26 @@ u16bit Policy::choose_suite(const std::vector<u16bit>& client_suites,
{
for(size_t i = 0; i != client_suites.size(); ++i)
{
- u16bit suite_id = client_suites[i];
+ const u16bit suite_id = client_suites[i];
Ciphersuite suite = Ciphersuite::lookup_ciphersuite(suite_id);
+
if(suite.cipher_keylen() == 0)
continue; // not a ciphersuite we know
- if(!have_srp && suite.kex_algo() == "SRP")
- continue;
-
if(suite.kex_algo() == "ECDH")
continue; // not currently supported
- if(suite.kex_algo() == "ECDH")
- continue; // not yet supported
-
if(suite.sig_algo() == "RSA" && have_rsa)
return suite_id;
- else if(suite.sig_algo() == "DSA" && have_dsa)
+
+ if(suite.sig_algo() == "DSA" && have_dsa)
return suite_id;
+
+ if(suite.kex_algo() == "SRP" && have_srp)
+ return suite_id;
+
#if 0
- else if(suite.sig_algo() == "") // anonymous server
+ if(suite.sig_algo() == "") // anonymous server
return suite_id;
#endif
}
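Review bot: Removing the early `!have_srp` skip lets the RSA and DSA tests, which now run before the SRP test, return an SRP suite: a suite whose kex_algo() is "SRP" and whose sig_algo() is "RSA" is accepted whenever have_rsa is set, even when have_srp is false. The added final test has the mirror problem, returning any SRP suite when have_srp is set without checking that a key matching its sig_algo() is available. Assuming the suite table contains SRP suites with RSA or DSA signatures, keep the guard ahead of the signature tests, `if(suite.kex_algo() == "SRP" && !have_srp) continue;`, and return a suite only when both its key exchange and its signature requirement are satisfied, so the server never commits to a suite it has no credentials for. choose_suite begins before and continues after this hunk, so how have_rsa, have_dsa and have_srp are derived is not visible here.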