sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

tls-peer: Don't initiate TLS connection if no cipher suites are supported

Browse Source 
If zero cipher suites are left after all filters, tls-peer does not
try to establish a connection to the server anymore.
This commit is contained in:
Pascal Knecht 2020-09-03 21:53:52 +02:00 committed by Tobias Brunner
parent 06aad98ff0
commit f920125304
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libtls/tls_peer.c
View File

@ -1237,6 +1237,12 @@ static status_t send_client_hello(private_tls_peer_t *this,
/* add TLS cipher suites */ /* add TLS cipher suites */
count = this->crypto->get_cipher_suites(this->crypto, &suites); count = this->crypto->get_cipher_suites(this->crypto, &suites);
if (count <= 0)
{
DBG1(DBG_TLS, "no supported TLS cipher suite available");
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
writer->write_uint16(writer, count * 2); writer->write_uint16(writer, count * 2);
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
{ {