feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Return error with AES-GCM and negotiated versions < TLSv1.2

Browse Source
This commit is contained in:
Carie Pointer
2019-10-07 08:28:00 -07:00
parent 625bd121f2
commit df22115920
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@@ -24466,6 +24466,26 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
} }
if (first == CIPHER_BYTE && ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor < TLSv1_2_MINOR) {
switch(second) {
case TLS_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
case TLS_PSK_WITH_AES_128_GCM_SHA256:
case TLS_PSK_WITH_AES_256_GCM_SHA384:
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
WOLFSSL_MSG("Version of SSL does not support AES-GCM");
return WOLFSSL_FAILURE;
default:
break;
}
}
#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
defined(HAVE_SUPPORTED_CURVES) defined(HAVE_SUPPORTED_CURVES)
if (!TLSX_ValidateSupportedCurves(ssl, first, second)) { if (!TLSX_ValidateSupportedCurves(ssl, first, second)) {