From: Jouni Malinen <j@w1.fi>
Date: Sun, 9 Mar 2014 09:57:05 +0000 (+0200)
Subject: TLS server: Enable SHA256-based cipher suites
X-Git-Tag: hostap_2_2~633
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41ebfe97ec0f3704fd1ef7cc15d06a01af62f1c5;p=thirdparty%2Fhostap.git

TLS server: Enable SHA256-based cipher suites

The SHA256-based RSA-AES-128/256 cipher suites were already implemented
and enabled for the internal TLS client, but they had not been enabled
for the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/tls/tlsv1_server.c b/src/tls/tlsv1_server.c
index 2880309eb..55f5a78fb 100644
--- a/src/tls/tlsv1_server.c
+++ b/src/tls/tlsv1_server.c
@@ -361,7 +361,9 @@ struct tlsv1_server * tlsv1_server_init(struct tlsv1_credentials *cred)
 
 	count = 0;
 	suites = conn->cipher_suites;
+	suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
 	suites[count++] = TLS_RSA_WITH_AES_256_CBC_SHA;
+	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
 	suites[count++] = TLS_RSA_WITH_AES_128_CBC_SHA;
 	suites[count++] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
 	suites[count++] = TLS_RSA_WITH_RC4_128_SHA;