Fixed SSL server Hello parsing.

We must parse cipher and compression method before extensions.

Also fixed extensions detection to match RFC 5246 algorithm.

diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index c978e5430f2a3060c0bba71d58cc87c32200bdf2..b052b8a678697dc8ac64a159601782868f6ab025 100644 (file)
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -417,8 +417,14 @@ Security::HandshakeParser::parseServerHelloHandshakeMessage(const SBuf &raw)
         tkHsk.commit();
         P8String session(tkHsk, "Session ID");
         details->sessionId = session.body;
-        P16String extensions(tkHsk, "Extensions List");
-        parseExtensions(extensions.body);
+        const uint16_t cipher = tkHsk.uint16("cipher");
+        details->ciphers.push_back(cipher);
+        const uint8_t compressionMethod = tkHsk.uint8("Compression method");
+        details->compressMethod = compressionMethod > 0 ? 1 : 0; // Only deflate supported here.
+        if (!tkHsk.atEnd()) { // extensions present
+            P16String extensions(tkHsk, "Extensions List");
+            parseExtensions(extensions.body);
+        }
 #if 0
     }
 #endif