generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Suite B support for DTLS 1.2

Browse Source 
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.

Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
This commit is contained in:
Dr. Stephen Henson
2013-04-09 15:57:39 +01:00
parent c56f5b8edf
commit 4544f0a691
7 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ssl/s3_srvr.c
View File

@@ -1096,6 +1096,13 @@ int ssl3_get_client_hello(SSL *s)
s->version = DTLS1_2_VERSION;
s->method = DTLSv1_2_server_method();
}
else if (tls1_suiteb(s))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
s->version = s->client_version;
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
else if (s->client_version <= DTLS1_VERSION &&
!(s->options & SSL_OP_NO_DTLSv1))
{