Client and server now filter sent and accepted ciphersuites on minimum

and maximum protocol version
2013-06-29 16:01:15 +02:00 · 2013-06-29 16:01:15 +02:00 · 2fbefde1d8
commit 2fbefde1d8
parent 59c28a2723
5 changed files with 57 additions and 23 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -401,6 +401,8 @@ struct _ssl_handshake_params
                                        /*!<  premaster secret        */

    int resume;                         /*!<  session resume indicator*/
+    int max_major_ver;                  /*!< max. major version client*/
+    int max_minor_ver;                  /*!< max. minor version client*/
 };

 struct _ssl_context
@ -414,10 +416,10 @@ struct _ssl_context
    int major_ver;              /*!< equal to  SSL_MAJOR_VERSION_3    */
    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */

-    int max_major_ver;          /*!< max. major version from client   */
-    int max_minor_ver;          /*!< max. minor version from client   */
-    int min_major_ver;          /*!< min. major version accepted      */
-    int min_minor_ver;          /*!< min. minor version accepted      */
+    int max_major_ver;          /*!< max. major version used          */
+    int max_minor_ver;          /*!< max. minor version used          */
+    int min_major_ver;          /*!< min. major version used          */
+    int min_minor_ver;          /*!< min. minor version used          */

    /*
     * Callbacks (RNG, debug, I/O, verification)
@ -911,6 +913,11 @@ void ssl_set_sni( ssl_context *ssl,

 /**
 * \brief          Set the maximum supported version sent from the client side
+ *                 and/or accepted at the server side
+ *                 (Default: SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3)
+ *
+ *                 Note: This prevents ciphersuites from 'higher' versions to
+ *                 be ignored.
 * 
 * \param ssl      SSL context
 * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)