author | Martin Willi <martin@revosec.ch> | 2010-08-20 16:08:59 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-23 09:47:03 +0200 |
commit | f154e30431ee61d9f10027020d0eeb947722e1ea (patch) | |
tree | 3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls_peer.c | |
parent | 3c19b3461f835b901395b3335d6456ca60dbe5ab (diff) | |
Verify negotiated TLS version
Diffstat (limited to 'src/libtls/tls_peer.c')
-rw-r--r-- | src/libtls/tls_peer.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 09364d53b..ddd117a87 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -130,9 +130,11 @@ static status_t process_server_hello(private_tls_peer_t *this,
 memcpy(this->server_random, random.ptr, sizeof(this->server_random));
- if (version < this->tls->get_version(this->tls))
+ if (!this->tls->set_version(this->tls, version))
 {
- this->tls->set_version(this->tls, version);
+ DBG1(DBG_TLS, "negotiated version %N not supported",
+ tls_version_names, version);
+ return FAILED;
 }
 suite = cipher;
 if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1)) |
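Review bot: The added `if (!this->tls->set_version(this->tls, version))` check makes `set_version()` the only gate on the version the server selected, and its acceptance rule is not visible in this hunk. For the check to stop both a downgrade and an out-of-spec ServerHello, `set_version()` presumably has to reject a version above the one offered in the ClientHello as well as one below the lowest version this client will speak. That is worth confirming and stating at the call site, e.g. `/* set_version() fails for any version outside the range we offered */`. The failure branch only logs and returns `FAILED`; if an alert path is available to this function, sending a fatal protocol_version alert there would tell the server why the handshake was dropped. The body of process_server_hello starts and ends outside the hunk.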