Branch: Tag:

2015-02-20

2015-02-20 16:28:04 by Martin Nilsson <nilsson@opera.com>

Stop after finding the first compatible cipher suite. No need to validate all of them.

374:       // Given the set of certs, filter the set of client_suites,    // to find the best. -  cipher_suites = -  filter(cipher_suites, is_supported_suite, ke_mask, version); +  int suite = -1; +  foreach(cipher_suites, int s) +  if( is_supported_suite(s, ke_mask, version) ) { +  suite = s; +  break; +  }    -  if (!sizeof(cipher_suites)) { +  if (suite==-1) {    SSL3_DEBUG_MSG("No suites left after certificate filtering.\n");    return 0;    }    -  SSL3_DEBUG_MSG("intersection:\n%s\n", -  fmt_cipher_suites(cipher_suites)); +  SSL3_DEBUG_MSG("selected suite:\n%s\n", fmt_cipher_suite(cipher_suites));    -  int suite = cipher_suites[0]; -  +     int ke_method = [int]CIPHER_SUITES[suite][0];       SSL3_DEBUG_MSG("Selecting server key and certificate.\n");