Skip ECJPAKE suite in ClientHello if no pw set up
When we don't have a password, we want to skip the costly process of generating the extension. So for consistency don't offer the ciphersuite without the extension.
This commit is contained in:
Manuel Pégourié-Gonnard
parent
538cb7b0b4
commit
ddf97a6c92
1 changed files with 6 additions and 0 deletions
|
|
@ -723,6 +723,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
continue;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %2d",
|
||||
ciphersuites[i] ) );
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue