tls: Include TLS version announced in Client Hello in encrypted premaster

While a hardcoded 1.2 version is fine when we offer that in Client Hello, we
should include the actually offered version if it has been reduced before
starting the exchange.
Martin Willi 2014-03-25 10:50:51 +01:00
parent f93497507f
commit b37080f8c9
1 changed files with 7 additions and 1 deletions


@ -79,6 +79,11 @@ struct private_tls_peer_t {
*/
peer_state_t state;
/**
* TLS version we offered in hello
*/
tls_version_t hello_version;
/**
* Hello random data selected by client
*/
@ -724,6 +729,7 @@ static status_t send_client_hello(private_tls_peer_t *this,
/* TLS version */
version = this->tls->get_version(this->tls);
this->hello_version = version;
writer->write_uint16(writer, version);
writer->write_data(writer, chunk_from_thing(this->client_random));
@ -917,7 +923,7 @@ static status_t send_key_exchange_encrypt(private_tls_peer_t *this,
return NEED_MORE;
}
rng->destroy(rng);
htoun16(premaster, TLS_1_2);
htoun16(premaster, this->hello_version);
if (!this->crypto->derive_secrets(this->crypto, chunk_from_thing(premaster),
this->session, this->server,