pike.git / lib / modules / SSL.pmod / Session.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Session.pike:230:       KeyExchangeType ke = [int(0..0)|KeyExchangeType]suite_info[0];    if (!(ke_mask & (1<<ke))) return 0;       if (version < PROTOCOL_TLS_1_2) {    if (sizeof(suite_info) >= 4) {    // AEAD protocols are not supported prior to TLS 1.2.    // Variant cipher-suite dependent prfs are not supported prior to TLS 1.2.    return 0;    } +  if (suite_info[2] > HASH_sha1) { +  // Hash algorithms other than md5 and sha1 are not supported +  // prior to TLS 1.2. +  return 0; +  }    // FIXME: Check hash size >= cert hash size.    }       if (version >= PROTOCOL_TLS_1_1)    {    if (suite == SSL_null_with_null_null)    {    // This suite is not allowed to be negotiated in TLS 1.1.    return 0;    }