
2015-02-23

2015-02-23 16:50:52 by Martin Nilsson <nilsson@opera.com>

Null ciphers are still allowed in TLS 1.1, it's just null_with_null_null that is forbidden.

241:    // FIXME: Check hash size >= cert hash size.    }    -  if ((version >= PROTOCOL_TLS_1_1) && -  (< CIPHER_null, CIPHER_rc4_40, CIPHER_rc2_40, CIPHER_des40 >) -  [suite_info[1]]) { +  if (version >= PROTOCOL_TLS_1_1) +  { +  if (suite == SSL_null_with_null_null) +  { +  // This suite is not allowed to be negotiated in TLS 1.1. +  return 0; +  } +  +  if ( (< CIPHER_rc4_40, CIPHER_rc2_40, CIPHER_des40 >)[suite_info[1]]) {    // RFC 4346 A.5: Export suites    // TLS 1.1 implementations MUST NOT negotiate    // these cipher suites in TLS 1.1 mode.
253:    // during the handshake.    return 0;    } +  }       return 1;   }
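
Review bot: The new `if (suite == SSL_null_with_null_null)` rejection sits inside the `if (version >= PROTOCOL_TLS_1_1)` block, so as far as these lines show it only applies to TLS 1.1 and later. RFC 2246 A.5 places the same restriction on TLS 1.0 (the suite is the initial connection state and must not be negotiated), so unless an earlier check in this function already covers lower versions, consider moving the test above the version condition and dropping "in TLS 1.1" from the comment. Separately, removing `CIPHER_null` from the multiset means the remaining null-encryption suites now pass this check for TLS 1.1 and later; a short comment stating that they are accepted deliberately, and that they provide no confidentiality, would help the next reader and make it clear that enabling them is left to the configured suite list.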