From f920125304d2799c9c270f27bcaca457c19b3926 Mon Sep 17 00:00:00 2001
From: Pascal Knecht
Date: Thu, 3 Sep 2020 21:53:52 +0200
Subject: [PATCH] tls-peer: Don't initiate TLS connection if no cipher suites are supported
If zero cipher suites are left after all filters, tls-peer does not try to establish a connection to the server anymore.
---
 src/libtls/tls_peer.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 002b84c7a..8e75eecf5 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -1237,6 +1237,12 @@ static status_t send_client_hello(private_tls_peer_t *this,
 /* add TLS cipher suites */
 count = this->crypto->get_cipher_suites(this->crypto, &suites);
+ if (count <= 0)
+ {
+ DBG1(DBG_TLS, "no supported TLS cipher suite available");
+ this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
+ return NEED_MORE;
+ }
 writer->write_uint16(writer, count * 2);
 for (i = 0; i < count; i++)
 {
--
2.47.3
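Review bot: The new `count <= 0` branch returns `NEED_MORE` after queueing a fatal alert, but it sits in the middle of building the message, so the earlier ClientHello fields have presumably already been written to `writer` (the body of `send_client_hello` starts and ends outside the hunk). The early return is therefore only safe if the caller checks for a queued alert and discards the partial message instead of sending it. If that holds, a short comment would make the reliance explicit, e.g. `/* fatal alert queued; caller must drop the partially built ClientHello */`; if it is not guaranteed, fetching the suites and checking the count before the first write to `writer` is the safer order. The log text could also say that the configured filters left no suite, e.g. `"no TLS cipher suite left after applying configured filters"`, since that is what an operator has to fix.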