Verify negotiated TLS version

author: Martin Willi <martin@revosec.ch> 2010-08-20 16:08:59 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-23 09:47:03 +0200
commit: f154e30431ee61d9f10027020d0eeb947722e1ea (patch)
tree: 3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls_server.c
parent: 3c19b3461f835b901395b3335d6456ca60dbe5ab (diff)
download: strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.bz2
strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 18aa09df2..3248a0c1a 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -137,11 +137,12 @@ static status_t process_client_hello(private_tls_server_t *this,
 
 	memcpy(this->client_random, random.ptr, sizeof(this->client_random));
 
-	if (version < this->tls->get_version(this->tls))
+	if (!this->tls->set_version(this->tls, version))
 	{
-		this->tls->set_version(this->tls, version);
+		DBG1(DBG_TLS, "negotiated version %N not supported",
+			 tls_version_names, version);
+		return FAILED;
 	}
-
 	count = ciphers.len / sizeof(u_int16_t);
 	suites = alloca(count * sizeof(tls_cipher_suite_t));
 	DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
author	Martin Willi <martin@revosec.ch>	2010-08-20 16:08:59 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-23 09:47:03 +0200
commit	f154e30431ee61d9f10027020d0eeb947722e1ea (patch)
tree	3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls_server.c
parent	3c19b3461f835b901395b3335d6456ca60dbe5ab (diff)
download	strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.bz2 strongswan-f154e30431ee61d9f10027020d0eeb947722e1ea.tar.xz