ssl_tls13_client.c: Fix ciphersuite final validation
As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
8fdad9e534
commit
ba120bb228
1 changed files with 4 additions and 3 deletions
|
|
@ -1083,12 +1083,13 @@ static int ssl_tls13_parse_server_hello( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
|
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
|
||||||
/*
|
/*
|
||||||
* Check whether this ciphersuite is supported and offered.
|
* Check whether this ciphersuite is valid and offered.
|
||||||
* Via the force_ciphersuite version we may have instructed the client
|
* Via the force_ciphersuite version we may have instructed the client
|
||||||
* to use a different ciphersuite.
|
* to use a different ciphersuite.
|
||||||
*/
|
*/
|
||||||
if( ciphersuite_info == NULL ||
|
if( ( mbedtls_ssl_validate_ciphersuite(
|
||||||
ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) == 0 )
|
ssl, ciphersuite_info, ssl->minor_ver, ssl->minor_ver ) != 0 ) ||
|
||||||
|
!ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
|
||||||
{
|
{
|
||||||
fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
|
fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue