Merge pull request #2404 from dgarske/strict_cipher

Added strict cipher suite check on client server_hello processing
2025-07-31 03:07:29 +02:00 · 2019-08-23 12:42:57 -07:00
parent 681de3e41a eb68ad162b
commit 1bad2bed3c
1 changed files with 18 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -18270,6 +18270,24 @@ exit_dpk:
        ssl->options.cipherSuite  = cs1;
        compression = input[i++];

+#ifndef WOLFSSL_NO_STRICT_CIPHER_SUITE
+        {
+            word32 idx, found = 0;
+            /* confirm server_hello cipher suite is one sent in client_hello */
+            for (idx = 0; idx < ssl->suites->suiteSz; idx += 2) {
+                if (ssl->suites->suites[idx]   == cs0 &&
+                    ssl->suites->suites[idx+1] == cs1) {
+                    found = 1;
+                    break;
+                }
+            }
+            if (!found) {
+                WOLFSSL_MSG("ServerHello did not use cipher suite from ClientHello");
+                return MATCH_SUITE_ERROR;
+            }
+        }
+#endif /* !WOLFSSL_NO_STRICT_CIPHER_SUITE */
+
        if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
            WOLFSSL_MSG("Server forcing compression w/o support");
            return COMPRESSION_ERROR;