Security framework.

Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
author: Dr. Stephen Henson <steve@openssl.org> 2013-12-15 13:32:24 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-03-28 14:56:30 +0000
commit: b362ccab5c1d52086f19d29a32f4acc11073b86b (patch)
tree: a6a2de4f90c8ce9272164ad448ac78cf95371909 /ssl/s23_srvr.c
parent: 66f96fe2d519147097c118d4bf60704c69ed0635 (diff)
download: openssl-b362ccab5c1d52086f19d29a32f4acc11073b86b.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 9d47c22cb8..cb2b138f08 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -441,6 +441,12 @@ int ssl23_get_client_hello(SSL *s)
 		}
 #endif
 
+	if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL))
+		{
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_VERSION_TOO_LOW);
+		goto err;
+		}
+
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
 		/* we have SSLv3/TLSv1 in an SSLv2 header
author	Dr. Stephen Henson <steve@openssl.org>	2013-12-15 13:32:24 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-03-28 14:56:30 +0000
commit	b362ccab5c1d52086f19d29a32f4acc11073b86b (patch)
tree	a6a2de4f90c8ce9272164ad448ac78cf95371909 /ssl/s23_srvr.c
parent	66f96fe2d519147097c118d4bf60704c69ed0635 (diff)
download	openssl-b362ccab5c1d52086f19d29a32f4acc11073b86b.tar.gz