adjust TLS 1.3 capable check

Jacob Barthelmeh
2019-03-27 10:27:09 -06:00
parent 083183e3b1
commit b787465b42


@ -17869,6 +17869,30 @@ exit_dpk:
return ret; return ret;
} }
#ifdef WOLFSSL_TLS13
/* returns 1 if able to do TLS 1.3 otherwise 0 */
static int TLSv1_3_Capable(WOLFSSL* ssl)
{
#ifndef WOLFSSL_TLS13
return 0;
#else
int ret = 0;
if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {
ret = 1;
}
#ifdef OPENSSL_EXTRA
if ((wolfSSL_get_options(ssl) & SSL_OP_NO_TLSv1_3)) {
/* option set at run time to disable TLS 1.3 */
ret = 0;
}
#endif
return ret;
#endif
}
#endif /* WOLFSSL_TLS13 */
int CompleteServerHello(WOLFSSL* ssl) int CompleteServerHello(WOLFSSL* ssl)
{ {
int ret; int ret;
@ -17878,7 +17902,7 @@ exit_dpk:
TLS13_DOWNGRADE_SZ - 1; TLS13_DOWNGRADE_SZ - 1;
byte vers = ssl->arrays->serverRandom[RAN_LEN - 1]; byte vers = ssl->arrays->serverRandom[RAN_LEN - 1];
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { if (TLSv1_3_Capable(ssl)) {
/* TLS v1.3 capable client not allowed to downgrade when /* TLS v1.3 capable client not allowed to downgrade when
* connecting to TLS v1.3 capable server unless cipher suite * connecting to TLS v1.3 capable server unless cipher suite
* demands it. * demands it.
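Review bot: When `TLSv1_3_Capable(ssl)` returns 0 because `SSL_OP_NO_TLSv1_3` is set, the TLS 1.3 downgrade-sentinel check in `CompleteServerHello` is skipped, and the hunk does not show whether any other sentinel check still runs for that connection. The rest of the function lies outside the hunk; if the fallback branch tests `ssl->ctx->method->version` for exactly TLS 1.2, a client created from a TLS 1.3 method with the option set would presumably get no downgrade check at all, so that branch should key on the effective maximum version rather than the method version. Separately, the inner `#ifndef WOLFSSL_TLS13` / `return 0;` arm of the helper is unreachable, because the whole function already sits inside `#ifdef WOLFSSL_TLS13`, and can be dropped. I would also extend the helper's comment to `/* returns 1 if the method allows TLS 1.3 and it was not disabled at run time with SSL_OP_NO_TLSv1_3, otherwise 0; a 0 result skips the TLS 1.3 downgrade check */`.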