Better handling of ciphersuite version range and forced version in
ssl_client2
This commit is contained in:
parent
6c85279719
commit
66c4810ffe
1 changed files with 12 additions and 1 deletions
|
@ -435,13 +435,24 @@ int main( int argc, char *argv[] )
|
|||
const ssl_ciphersuite_t *ciphersuite_info;
|
||||
ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
|
||||
|
||||
if( ciphersuite_info->min_minor_ver > opt.max_version ||
|
||||
if( opt.max_version != -1 &&
|
||||
ciphersuite_info->min_minor_ver > opt.max_version )
|
||||
{
|
||||
printf("forced ciphersuite not allowed with this protocol version\n");
|
||||
ret = 2;
|
||||
goto usage;
|
||||
}
|
||||
if( opt.min_version != -1 &&
|
||||
ciphersuite_info->max_minor_ver < opt.min_version )
|
||||
{
|
||||
printf("forced ciphersuite not allowed with this protocol version\n");
|
||||
ret = 2;
|
||||
goto usage;
|
||||
}
|
||||
if( opt.max_version > ciphersuite_info->max_minor_ver )
|
||||
opt.max_version = ciphersuite_info->max_minor_ver;
|
||||
if( opt.min_version < ciphersuite_info->min_minor_ver )
|
||||
opt.min_version = ciphersuite_info->min_minor_ver;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
|
|
Loading…
Reference in a new issue