Ability to specify allowed ciphersuites based on the protocol version.
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int *[4]'.
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
(cherry picked from commit a62729888b9d8eafbfa952fca63a04100ed90f69)
Conflicts:
ChangeLog
library/ssl_srv.c
library/ssl_tls.c
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2d09c59..4065318 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2677,7 +2677,7 @@
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
- ssl->ciphersuites = ssl_list_ciphersuites();
+ ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
#if defined(POLARSSL_DHM_C)
if( ( ret = mpi_read_string( &ssl->dhm_P, 16,
@@ -2862,7 +2862,22 @@
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
{
- ssl->ciphersuites = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_0] = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_1] = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_2] = ciphersuites;
+ ssl->ciphersuite_list[SSL_MINOR_VERSION_3] = ciphersuites;
+}
+
+void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites,
+ int major, int minor )
+{
+ if( major != SSL_MAJOR_VERSION_3 )
+ return;
+
+ if( minor < SSL_MINOR_VERSION_0 || minor > SSL_MINOR_VERSION_3 )
+ return;
+
+ ssl->ciphersuite_list[minor] = ciphersuites;
}
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,