diff options
author | Todd Short <tshort@akamai.com> | 2015-12-21 15:19:29 -0500 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2017-11-30 07:13:08 +1000 |
commit | e1c7871de80029b81824df4d59edc6de5293835f (patch) | |
tree | 8b5e34751cbc70493dbbb36cddaf7f85cd943ccd /test/handshake_helper.c | |
parent | 92b1b9a8871530f26ef7df972111297ffa721be2 (diff) |
Use ChaCha only if prioritized by clnt
IFF the client has ChaCha first, and server cipher priority is used,
and the new SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE option is used,
then reprioritize ChaCha above everything else. This way, A matching
ChaCha cipher will be selected if there is a match. If no ChaCha ciphers
match, then the other ciphers are used.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4436)
Diffstat (limited to 'test/handshake_helper.c')
-rw-r--r-- | test/handshake_helper.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 188ec9ed96..78eaa012e2 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -39,6 +39,7 @@ void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result) OPENSSL_free(result->server_alpn_negotiated); sk_X509_NAME_pop_free(result->server_ca_names, X509_NAME_free); sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free); + OPENSSL_free(result->cipher); OPENSSL_free(result); } @@ -1324,6 +1325,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( EVP_PKEY *tmp_key; const STACK_OF(X509_NAME) *names; time_t start; + const char* cipher; if (ret == NULL) return NULL; @@ -1543,6 +1545,9 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->client_resumed = SSL_session_reused(client.ssl); ret->server_resumed = SSL_session_reused(server.ssl); + cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(client.ssl)); + ret->cipher = dup_str((const unsigned char*)cipher, strlen(cipher)); + if (session_out != NULL) *session_out = SSL_get1_session(client.ssl); |