pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:453:       if (blacklisted_ciphermodes) {    res = filter(res,    lambda(int suite, multiset(int) blacklisted_ciphermodes) {    array(int) info = [array(int)]CIPHER_SUITES[suite];    int mode = (sizeof(info) > 3)?info[3]:MODE_cbc;    return !blacklisted_ciphermodes[mode];    }, blacklisted_ciphermodes);    }    +  switch(max_version) { +  case PROTOCOL_TLS_1_1: +  case PROTOCOL_TLS_1_0: +  case PROTOCOL_SSL_3_0: +  res = filter(res, +  lambda(int suite) { +  array(int) info = [array(int)]CIPHER_SUITES[suite]; +  // AEAD suites are not supported in TLS versions +  // prior to TLS 1.2. +  // Hashes other than md5 or sha1 are not supported +  // prior to TLS 1.2. +  return (sizeof(info) < 4) && (info[2] <= HASH_sha); +  }); +  break; +  }    // Sort and return.    return sort_suites(res);   }      //! Filter cipher suites from @[preferred_suites] that don't have a   //! key with an effective length of at least @[min_keylength] bits.   void filter_weak_suites(int min_keylength)   {    if (!preferred_suites || !min_keylength) return;    preferred_suites =