pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:595:    case CIPHER_rc2_40:    case CIPHER_rc4_40:    case CIPHER_des40:    return 0;    }    return 1;    });    break;    }    +  if (!max_version || (max_version > PROTOCOL_TLS_MAX)) { +  max_version = PROTOCOL_TLS_MAX; +  }    switch(max_version) {    case PROTOCOL_TLS_1_1:    case PROTOCOL_TLS_1_0:    case PROTOCOL_SSL_3_0:    res = filter(res,    lambda(int suite) {    array(int) info = [array(int)]CIPHER_SUITES[suite];    // AEAD suites are not supported in TLS versions    // prior to TLS 1.2. -  return (sizeof(info) < 4); +  // Hashes other than md5 or sha1 are not supported +  // prior to TLS 1.2. +  return (sizeof(info) < 4) && (info[2] <= HASH_sha1);    });    break;    }    // Sort and return.    return sort_suites(res);   }      //! Filter cipher suites from @[preferred_suites] that don't have a   //! key with an effective length of at least @[min_keylength] bits.   void filter_weak_suites(int min_keylength)