tls-crypto: Check if TLS versions and cipher suites match
authorPascal Knecht <pascal.knecht@hsr.ch>
Fri, 4 Sep 2020 16:29:43 +0000 (18:29 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
Only offer TLS versions for which at least one supported cipher suite exists.  For
instance, do not suggest TLS 1.3 if none of its cipher suites (which require
GCM/CCM or ChaCha20-Poly1305) are available.

src/libtls/tls_crypto.c
src/libtls/tls_peer.c

index cb2141f8b726600a6cf73b6470b8e7bd7b03b948..06fd9229f29631a71e75fd63ab8037552f9078c5 100644 (file)
@@ -1140,7 +1140,7 @@ static void filter_unsupported_suites(suite_algs_t suites[], int *count)
 static void build_cipher_suite_list(private_tls_crypto_t *this)
 {
        suite_algs_t suites[countof(suite_algs)];
-       tls_version_t min_version, max_version;
+       tls_version_t min_version, max_version, new_min_version, new_max_version;
        bool require_encryption;
        int count = 0, i;
 
@@ -1198,10 +1198,26 @@ static void build_cipher_suite_list(private_tls_crypto_t *this)
        this->suites = malloc(sizeof(tls_cipher_suite_t) * count);
 
        DBG2(DBG_TLS, "%d supported TLS cipher suites:", count);
+       new_min_version = max_version;
+       new_max_version = min_version;
        for (i = 0; i < count; i++)
        {
                DBG2(DBG_TLS, "  %N", tls_cipher_suite_names, suites[i].suite);
                this->suites[i] = suites[i].suite;
+
+               /* set TLS min/max versions appropriate to the final cipher suites */
+               new_max_version = max(new_max_version, suites[i].max_version);
+               new_min_version = min(new_min_version, suites[i].min_version);
+       }
+       new_max_version = min(new_max_version, max_version);
+       new_min_version = max(new_min_version, min_version);
+
+       if (min_version != new_min_version || max_version != new_max_version)
+       {
+               this->tls->set_version(this->tls, new_min_version, new_max_version);
+               DBG2(DBG_TLS, "TLS min/max %N/%N according to the cipher suites",
+                        tls_version_names, new_min_version,
+                        tls_version_names, new_max_version);
        }
 }
 
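Review bot: When count is 0 the loop over suites never runs, so after the two clamps new_min_version is max_version and new_max_version is min_version — an inverted range that the final condition then hands to set_version(), whose return value is discarded, so a rejected range would go unnoticed. Guard the update on having at least one suite, e.g. `if (count > 0 && (min_version != new_min_version || max_version != new_max_version))`, and log at DBG1 if set_version() reports failure (its signature is not visible here, so whether it rejects min > max is unknown). The "no supported TLS cipher suite available" check added in tls_peer.c catches the empty case later, but only on the client path shown in this commit.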
index 8e75eecf5e7eb338a3834ae298dea4372bf37e96..26792f9301d93d6612d0c4ba870a1fbcb1594926 100644 (file)
@@ -1217,6 +1217,9 @@ static status_t send_client_hello(private_tls_peer_t *this,
        }
        rng->destroy(rng);
 
+       /* determine supported suites before the versions as they might change */
+       count = this->crypto->get_cipher_suites(this->crypto, &suites);
+
        /* TLS version_max in handshake protocol */
        version_max = this->tls->get_version_max(this->tls);
        version_min = this->tls->get_version_min(this->tls);
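Review bot: The comment on the moved get_cipher_suites() call hides the real dependency: nothing in this hunk shows that it can change the version range, yet the reads of get_version_max()/get_version_min() now rely on that ordering. Presumably get_cipher_suites() lazily builds the suite list, which in this commit's tls_crypto.c change calls set_version() to narrow the range; say so explicitly, e.g. `/* query the suites first: building the suite list may narrow the min/max TLS version via set_version() */`. The server side is not touched by this commit; if it reads the versions before the suites it has the same ordering hazard — worth confirming. send_client_hello continues outside the hunk.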
@@ -1236,7 +1239,6 @@ static status_t send_client_hello(private_tls_peer_t *this,
        writer->write_data8(writer, this->session);
 
        /* add TLS cipher suites */
-       count = this->crypto->get_cipher_suites(this->crypto, &suites);
        if (count <= 0)
        {
                DBG1(DBG_TLS, "no supported TLS cipher suite available");