author | Dr. Stephen Henson <steve@openssl.org> | 2013-04-09 15:57:39 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-09-18 13:46:03 +0100 |
commit | d3071769317911c2a68c81007c657695d3988258 (patch) | |
tree | 3362f3b00777d2a2f4d9c9079b488b392b5c66ca /ssl/s3_srvr.c | |
parent | c391a74266f70d2be4c2dd8d1e02cbd6f6e72605 (diff) |
Suite B support for DTLS 1.2
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.
Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
(cherry picked from commit 4544f0a69161a37ee3edce3cc1bc34c3678a4d64)
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8546c09ca2..09af9ae1cf 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1097,6 +1097,13 @@ int ssl3_get_client_hello(SSL *s)
 s->version = DTLS1_2_VERSION;
 s->method = DTLSv1_2_server_method();
 }
+ else if (tls1_suiteb(s))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ s->version = s->client_version;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
 else if (s->client_version <= DTLS1_VERSION &&
 !(s->options & SSL_OP_NO_DTLSv1))
 { |
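Review bot: The new `else if (tls1_suiteb(s))` branch carries no comment saying that its position in the chain is the downgrade guard: it only works because it is tested before the `s->client_version <= DTLS1_VERSION` fallback, so a later reordering of these branches would silently let a Suite B server negotiate DTLS 1.0. I would put `/* Suite B requires DTLS 1.2; this check must stay ahead of the DTLS 1.0 fallback below */` above it. The assignment `s->version = s->client_version;` ahead of `goto f_err` also deserves a line such as `/* send the alert using the client's version */`; that intent is inferred, since the `f_err` path is outside the hunk. The opening `if` of this chain and the rest of `ssl3_get_client_hello` lie outside the hunk as well, so whether the DTLS 1.2 branch above can be skipped by `SSL_OP_NO_DTLSv1_2` in Suite B mode should be confirmed against the full function.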