While a hardcoded 1.2 version is fine when we offer that in Client Hello, we
should include the actually offered version if it has been reduced before
starting the exchange.
+ * TLS version we offered in hello
+ */
+ tls_version_t hello_version;
+
+ /**
* Hello random data selected by client
*/
char client_random[32];
* Hello random data selected by client
*/
char client_random[32];
/* TLS version */
version = this->tls->get_version(this->tls);
/* TLS version */
version = this->tls->get_version(this->tls);
+ this->hello_version = version;
writer->write_uint16(writer, version);
writer->write_data(writer, chunk_from_thing(this->client_random));
writer->write_uint16(writer, version);
writer->write_data(writer, chunk_from_thing(this->client_random));
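Review bot: The added `this->hello_version = version;` is the only visible place that sets the new field, and neither it nor the field comment says why the offered version has to be remembered. A one-line comment would help, for example `/* keep the offered version, the premaster secret must carry it (RFC 5246 7.4.7.1) */`. The premaster built later appears to be the RSA-encrypted one, where this version field is what lets the server detect a version rollback. If the Client Hello can be sent more than once with different versions (not visible here), the field must track the hello the server actually answers. The enclosing function starts and ends outside this hunk.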
return NEED_MORE;
}
rng->destroy(rng);
return NEED_MORE;
}
rng->destroy(rng);
- htoun16(premaster, TLS_1_2);
+ htoun16(premaster, this->hello_version);
if (!this->crypto->derive_secrets(this->crypto, chunk_from_thing(premaster),
this->session, this->server,
if (!this->crypto->derive_secrets(this->crypto, chunk_from_thing(premaster),
this->session, this->server,