From f154e30431ee61d9f10027020d0eeb947722e1ea Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 20 Aug 2010 16:08:59 +0200
Subject: Verify negotiated TLS version
---
 src/libtls/tls_server.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'src/libtls/tls_server.c')
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 18aa09df2..3248a0c1a 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -137,11 +137,12 @@ static status_t process_client_hello(private_tls_server_t *this,
 memcpy(this->client_random, random.ptr, sizeof(this->client_random));
- if (version < this->tls->get_version(this->tls))
+ if (!this->tls->set_version(this->tls, version))
 {
- this->tls->set_version(this->tls, version);
+ DBG1(DBG_TLS, "negotiated version %N not supported",
+ tls_version_names, version);
+ return FAILED;
 }
-
 count = ciphers.len / sizeof(u_int16_t);
 suites = alloca(count * sizeof(tls_cipher_suite_t));
 DBG2(DBG_TLS, "received %d TLS cipher suites:", count);
--
cgit v1.2.3
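Review bot: The new failure branch in process_client_hello depends entirely on how `set_version()` treats an offer above the server's own maximum, and that is not visible in this hunk: the removed code only ever lowered the version (`version < get_version()`), whereas the new call passes the client's value through unconditionally. If `set_version()` rejects rather than clamps such an offer, a client advertising a newer version is refused instead of being answered with the server's highest version; once confirmed, a comment at the call such as `/* set_version() selects min(offered, our maximum) and fails only below our minimum */` would pin that contract. The DBG1 text labels the client's offered `version` as "negotiated", so `"client offered version %N not supported"` would read correctly in logs. The branch returns `FAILED` with no alert visible here, so it is worth checking that the caller turns this into a protocol_version alert rather than a silent close. The function body starts and ends outside the hunk.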