tls-server: Select cipher suite also when handling HelloRetryRequest
authorTobias Brunner <tobias@strongswan.org>
Fri, 22 Jan 2021 09:06:05 +0000 (10:06 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
commitab226b3927f87ad1a9cc947368f3c7f797654925
treebab0b96452b312da04083d98ddd58b256746ad68
parent111e9071687d9df0002f9c06db0d6df4db4b82b1
tls-server: Select cipher suite also when handling HelloRetryRequest

This was previously treated like a resumption, which it is clearly not.
Also added a check that verifies that the same cipher suite is selected
during the retry, as per RFC 8446, section 4.1.4.
src/libtls/tls_server.c