]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
dtls: Remove unsuitable ciphers.
authorJonathan Bastien-Filiatrault <joe@x2a.org>
Sun, 2 Aug 2009 23:00:08 +0000 (19:00 -0400)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 17 Feb 2011 21:42:27 +0000 (22:42 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
lib/gnutls_handshake.c

index e1f1a5560dba16a2c857fc2184e11f135c49ff5e..b48e5e760784d7f6244b4725aae3e515d0ec468d 100644 (file)
@@ -3324,6 +3324,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
   int newSuiteSize = 0, i;
   gnutls_certificate_credentials_t cert_cred;
   gnutls_kx_algorithm_t kx;
+  gnutls_cipher_algorithm_t cid;
   int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
   gnutls_kx_algorithm_t *alg = NULL;
   int alg_size = 0;
@@ -3408,6 +3409,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
             delete = 1;
         }
 
+      /* if dtls and not appropriate for dtls */
+      if(_gnutls_is_dtls(session))
+       {
+         cid = _gnutls_cipher_suite_get_cipher_algo (&(*cipherSuites)[i]);
+
+         if(cid == GNUTLS_CIPHER_ARCFOUR_128 || cid == GNUTLS_CIPHER_ARCFOUR_40)
+           delete = 1;
+       }
+
       memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2);
 
       if (delete == 0)