author | Martin Willi <martin@revosec.ch> | 2010-08-20 16:08:59 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-23 09:47:03 +0200 |
commit | f154e30431ee61d9f10027020d0eeb947722e1ea (patch) | |
tree | 3a232e7a782042468bff8e0f6dcd6c473f56f221 /src/libtls/tls_server.c | |
parent | 3c19b3461f835b901395b3335d6456ca60dbe5ab (diff) | |
Verify negotiated TLS version
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r-- | src/libtls/tls_server.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 18aa09df2..3248a0c1a 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -137,11 +137,12 @@ static status_t process_client_hello(private_tls_server_t *this,
 memcpy(this->client_random, random.ptr, sizeof(this->client_random));
- if (version < this->tls->get_version(this->tls))
+ if (!this->tls->set_version(this->tls, version))
 {
- this->tls->set_version(this->tls, version);
+ DBG1(DBG_TLS, "negotiated version %N not supported",
+ tls_version_names, version);
+ return FAILED;
 }
- count = ciphers.len / sizeof(u_int16_t);
 suites = alloca(count * sizeof(tls_cipher_suite_t));
 DBG2(DBG_TLS, "received %d TLS cipher suites:", count); |
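Review bot: The new `if (!this->tls->set_version(this->tls, version))` check hands the client-supplied `version` straight to set_version(), whose body is not part of this diff, so the accepted range cannot be verified here. The old code only lowered the version when the client's offer was below the server's; now the call must both refuse versions below the server's minimum and deal with offers above its maximum. If set_version() simply rejects a higher offer, a newer client is failed instead of being answered with the server's highest version. I would document that contract at the call site, e.g. `/* version comes from the ClientHello; set_version() must enforce our minimum and must not fail merely because the client offers more than we support */`, and reword the log to "client version %N not supported", since nothing has been negotiated at that point. The path also returns FAILED without any visible protocol_version alert to the peer, which may be handled elsewhere; process_client_hello starts and continues outside the hunk.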