diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-15 14:32:24 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-28 15:56:30 +0100 |
| commit | b362ccab5c1d52086f19d29a32f4acc11073b86b (patch) | |
| tree | a6a2de4f90c8ce9272164ad448ac78cf95371909 /ssl/s23_srvr.c | |
| parent | Check return value of ssl3_output_cert_chain (diff) | |
| download | openssl-b362ccab5c1d52086f19d29a32f4acc11073b86b.tar.xz openssl-b362ccab5c1d52086f19d29a32f4acc11073b86b.zip | |
Security framework.
Security callback: selects which parameters are permitted including
sensible defaults based on bits of security.
The "parameters" which can be selected include: ciphersuites,
curves, key sizes, certificate signature algorithms, supported
signature algorithms, DH parameters, SSL/TLS version, session tickets
and compression.
In some cases prohibiting the use of a parameters will mean they are
not advertised to the peer: for example cipher suites and ECC curves.
In other cases it will abort the handshake: e.g DH parameters or the
peer key size.
Documentation to follow...
Diffstat (limited to 'ssl/s23_srvr.c')
| -rw-r--r-- | ssl/s23_srvr.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 9d47c22cb8..cb2b138f08 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -441,6 +441,12 @@ int ssl23_get_client_hello(SSL *s) } #endif + if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_VERSION_TOO_LOW); + goto err; + } + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header |