luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vtls/rustls: simplify ciphersuite skipping

Browse Source 
Now that the rustls vtls backend is using rustls 0.14 we can take
advantage of `rustls_supported_ciphersuite_protocol_version()` to skip
TLS 1.3 and TLS 1.2 ciphersuites as required without needing to
interrogate the ciphersuite names as `rustls_str`s.

Closes #14889
This commit is contained in:
Daniel McCarney 2024-09-12 12:31:59 -04:00 committed by Daniel Stenberg
parent f09adc3ad1
commit 6d9b40d6a4
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/vtls/rustls.c
View File

@ -447,10 +447,9 @@ cr_get_selected_ciphers(struct Curl_easy *data,
if(!ciphers13) {
/* Add default TLSv1.3 ciphers to selection */
for(j = 0; j < default_len; j++) {
struct rustls_str s;
entry = rustls_default_crypto_provider_ciphersuites_get(j);
s = rustls_supported_ciphersuite_get_name(entry);
if(s.len < 5 || strncmp(s.data, "TLS13", 5) != 0)
if(rustls_supported_ciphersuite_protocol_version(entry) !=
RUSTLS_TLS_VERSION_TLSV1_3)
continue;
selected[count++] = entry;
@ -505,10 +504,9 @@ add_ciphers:
if(!ciphers12) {
/* Add default TLSv1.2 ciphers to selection */
for(j = 0; j < default_len; j++) {
struct rustls_str s;
entry = rustls_default_crypto_provider_ciphersuites_get(j);
s = rustls_supported_ciphersuite_get_name(entry);
if(s.len >= 5 && strncmp(s.data, "TLS13", 5) == 0)
if(rustls_supported_ciphersuite_protocol_version(entry) ==
RUSTLS_TLS_VERSION_TLSV1_3)
continue;
/* No duplicates allowed (so selected cannot overflow) */