emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: actually fill in CIPHER_ID3 value in hello message

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2018-11-25 00:53:19 +01:00
parent 0d18e5cab2
commit ab3c5e4c44
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
networking/tls.c
View File

@ -61,9 +61,7 @@
// bug #11456:
// ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305
#define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
// host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009),
// and immediately throws alert 40 "handshake failure" in response to our hello record
// if ECDHE-ECDSA-AES-CBC-SHA is *before* ECDHE-RSA-AES-GCM cipher in the list! Server bug?
// host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009)
#define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define NUM_CIPHERS 4
@ -1544,8 +1542,8 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
/*************************/ record->cipherid[7] = CIPHER_ID3 & 0xff;
#endif
#if CIPHER_ID4
if ((CIPHER_ID4 >> 8) != 0) record->cipherid[6] = CIPHER_ID4 >> 8;
/*************************/ record->cipherid[7] = CIPHER_ID4 & 0xff;
if ((CIPHER_ID4 >> 8) != 0) record->cipherid[8] = CIPHER_ID4 >> 8;
/*************************/ record->cipherid[9] = CIPHER_ID4 & 0xff;
#endif
record->comprtypes_len = 1;