/* Cipher SUITES */
-#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
- { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
+#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version ) \
+ { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version }
typedef struct
{
gnutls_cipher_algorithm_t block_algorithm;
gnutls_kx_algorithm_t kx_algorithm;
gnutls_mac_algorithm_t mac_algorithm;
- gnutls_protocol_t version; /* this cipher suite is supported
+ gnutls_protocol_t min_version; /* this cipher suite is supported
* from 'version' and above;
*/
+ gnutls_protocol_t max_version;/* this cipher suite is not supported after that */
} gnutls_cipher_suite_entry;
/* RSA with NULL cipher and MD5 MAC
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
GNUTLS_CIPHER_ARCFOUR_128,
GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
- GNUTLS_SSL3),
+ GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
/* PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
/* DHE-PSK */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
/* SRP */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
/* DHE_DSS */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
/* DHE_RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
/* RSA */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
GNUTLS_CIPHER_ARCFOUR_40,
GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
- GNUTLS_SSL3),
+ GNUTLS_SSL3, GNUTLS_TLS1_0),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3),
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1),
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_TLS_MAX_VERSION),
#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2),
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_TLS_MAX_VERSION),
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST,
GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
- GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3),
- {0, {{0, 0}}, 0, 0, 0, 0}
+ GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3, GNUTLS_TLS_MAX_VERSION),
+ {0, {{0, 0}}, 0, 0, 0, 0, 0}
};
#define GNUTLS_CIPHER_SUITE_LOOP(b) \
}
gnutls_protocol_t
-_gnutls_cipher_suite_get_version (const cipher_suite_st * suite)
+_gnutls_cipher_suite_is_version_supported (const cipher_suite_st * suite, gnutls_protocol_t version)
{
int ret = 0;
- GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version);
+ GNUTLS_CIPHER_SUITE_ALG_LOOP ( (version >= p->min_version && version <= p->max_version)?(ret=1):(ret=0));
return ret;
}
gnutls_kx_algorithm_t * kx,
gnutls_cipher_algorithm_t * cipher,
gnutls_mac_algorithm_t * mac,
- gnutls_protocol_t * version)
+ gnutls_protocol_t * min_version)
{
if (idx >= CIPHER_SUITES_COUNT)
return NULL;
*cipher = cs_algorithms[idx].block_algorithm;
if (mac)
*mac = cs_algorithms[idx].mac_algorithm;
- if (version)
- *version = cs_algorithms[idx].version;
+ if (min_version)
+ *min_version = cs_algorithms[idx].min_version;
return cs_algorithms[idx].name + sizeof ("GNU") - 1;
}
/* remove cipher suites which do not support the
* protocol version used.
*/
- if (_gnutls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
+ if (_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version) == 0)
continue;
if (_gnutls_kx_priority