diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-12-07 07:24:41 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-12-07 07:24:41 +0400 |
commit | 0d25deb0af1d2dfecb0d1b39455ba971af665faf (patch) | |
tree | dfd953055ecf9ae02b469bda15acdea30cacede6 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | |
parent | 26c9bd6b3868540fdb1749cb7a455029dc0884a0 (diff) |
Add checks for ciphersuite validity vs the negotiated version
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index 3475134c..7fc23226 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -340,7 +340,8 @@ public class DTLSServerProtocol state.selectedCipherSuite = state.server.getSelectedCipherSuite(); if (!Arrays.contains(state.offeredCipherSuites, state.selectedCipherSuite) || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL - || state.selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + || state.selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV + || !TlsUtils.isValidCipherSuiteForVersion(state.selectedCipherSuite, server_version)) { throw new TlsFatalAlert(AlertDescription.internal_error); } |