
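--- a/lib/modules/SSL.pmod/Session.pike
+++ b/lib/modules/SSL.pmod/Session.pike
 
   KeyExchangeType ke = [int(0..0)|KeyExchangeType]suite_info[0];
   if (!(ke_mask & (1<<ke))) return 0;
 
   if (version < PROTOCOL_TLS_1_2) {
   if (sizeof(suite_info) >= 4) {
   // AEAD protocols are not supported prior to TLS 1.2.
   // Variant cipher-suite dependent prfs are not supported prior to TLS 1.2.
   return 0;
   }
+  if (suite_info[2] > HASH_sha) {
+  // Hash algorithms other than md5 and sha1 are not supported
+  // prior to TLS 1.2.
+  return 0;
+  }
   // FIXME: Check hash size >= cert hash size.
   }
 
   if ((version >= PROTOCOL_TLS_1_1) &&
   (< CIPHER_null, CIPHER_rc4_40, CIPHER_rc2_40, CIPHER_des40 >)
   [suite_info[1]]) {
   // RFC 4346 A.5: Export suites
   // TLS 1.1 implementations MUST NOT negotiate
   // these cipher suites in TLS 1.1 mode.
   // ...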
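Review bot: The added guard `suite_info[2] > HASH_sha` depends on the numeric order of the hash constants, which this hunk does not show. If a constant is later defined with a value at or below HASH_sha, a suite using it would be accepted for versions prior to TLS 1.2 without anyone noticing. Either state the dependency in the comment, e.g. `// Relies on every post-SHA-1 hash constant having a value above HASH_sha.`, or list the permitted hashes explicitly with a `(< ... >)` membership test, as the export-cipher check just below does. An explicit list would also force a decision about values below HASH_sha, which the comparison currently lets through unexamined. The enclosing function starts and ends outside the hunk, and the FIXME about checking hash size against the certificate hash size is still open.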