From 71e9b91eea49d53853250e56fcbc42c4ca59dd93 Mon Sep 17 00:00:00 2001
From: lloyd
Date: Thu, 30 Oct 2014 23:56:02 +0000
Subject: If the server offers us a SCSV instead of a real ciphersuite send a fatal alert
---
 src/lib/tls/tls_ciphersuite.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/lib/tls/tls_ciphersuite.cpp')
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index e8c551b01..4c9b204a6 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -55,6 +55,12 @@ Ciphersuite Ciphersuite::by_name(const std::string& name)
 return Ciphersuite(); // some unknown ciphersuite
 }
 
+bool Ciphersuite::is_scsv(u16bit suite)
+ {
+ // TODO: derive from IANA file in script
+ return (suite == 0x00FF || suite == 0x5600);
+ }
+
 Ciphersuite::Ciphersuite(u16bit ciphersuite_code,
 const char* sig_algo,
 const char* kex_algo,
-- 
cgit v1.2.3
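Review bot: The two literals in the return statement of `is_scsv` are unnamed, so a reader cannot tell which signalling values are covered or check that the list is complete. 0x00FF is TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746) and 0x5600 is TLS_FALLBACK_SCSV (RFC 7507); until the TODO's generated list exists I would add `// 0x00FF: TLS_EMPTY_RENEGOTIATION_INFO_SCSV, 0x5600: TLS_FALLBACK_SCSV` above the return, or use named constants. The function also lacks a comment stating that these codes are client-to-server signals only and must never be accepted as the server's selected suite. The commit subject describes sending a fatal alert, but this file section adds only the predicate; the Server Hello check that calls it is outside this view and should be confirmed to reject the handshake before the selected code is used for anything else.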