Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2

commit: 915ee19887e1cccd9b35c3cfcebf0cfc829f1dd5 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 23 17:30:26 2013 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 23 17:30:26 2013 +0200
tree: 08d99bc28d6966e3128df135c61078fbc23e8cc1
parent: 43f9799ce61c6392a014d0a2ea136b4b3a9ee194 [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index c62c412..d166986 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -647,7 +647,8 @@
         for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
             j += 2, p += 2 )
         {
-            if( p[0] == 0 && p[1] == ssl->ciphersuites[ssl->minor_ver][i] )
+            if( p[0] == 0 && p[1] == ssl->ciphersuites[ssl->minor_ver][i] &&
+                ssl_get_ciphersuite_min_version( p[1] ) <= ssl->minor_ver )
                 goto have_ciphersuite;
         }
     }
commit	915ee19887e1cccd9b35c3cfcebf0cfc829f1dd5	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Mon Sep 23 17:30:26 2013 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Mon Sep 23 17:30:26 2013 +0200
tree	08d99bc28d6966e3128df135c61078fbc23e8cc1
parent	43f9799ce61c6392a014d0a2ea136b4b3a9ee194 [diff] [blame]