diff options
| -rw-r--r-- | networking/tls.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/networking/tls.c b/networking/tls.c index f337bc0c9..7bdd58018 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
| @@ -61,9 +61,7 @@ | |||
| 61 | // bug #11456: | 61 | // bug #11456: |
| 62 | // ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305 | 62 | // ftp.openbsd.org only supports ECDHE-RSA-AESnnn-GCM-SHAnnn or ECDHE-RSA-CHACHA20-POLY1305 |
| 63 | #define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 63 | #define CIPHER_ID3 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 64 | // host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009), | 64 | // host is.gd accepts only ECDHE-ECDSA-foo (the simplest which works: ECDHE-ECDSA-AES128-SHA 0xC009) |
| 65 | // and immediately throws alert 40 "handshake failure" in response to our hello record | ||
| 66 | // if ECDHE-ECDSA-AES-CBC-SHA is *before* ECDHE-RSA-AES-GCM cipher in the list! Server bug? | ||
| 67 | #define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 65 | #define CIPHER_ID4 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| 68 | 66 | ||
| 69 | #define NUM_CIPHERS 4 | 67 | #define NUM_CIPHERS 4 |
| @@ -1544,8 +1542,8 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni) | |||
| 1544 | /*************************/ record->cipherid[7] = CIPHER_ID3 & 0xff; | 1542 | /*************************/ record->cipherid[7] = CIPHER_ID3 & 0xff; |
| 1545 | #endif | 1543 | #endif |
| 1546 | #if CIPHER_ID4 | 1544 | #if CIPHER_ID4 |
| 1547 | if ((CIPHER_ID4 >> 8) != 0) record->cipherid[6] = CIPHER_ID4 >> 8; | 1545 | if ((CIPHER_ID4 >> 8) != 0) record->cipherid[8] = CIPHER_ID4 >> 8; |
| 1548 | /*************************/ record->cipherid[7] = CIPHER_ID4 & 0xff; | 1546 | /*************************/ record->cipherid[9] = CIPHER_ID4 & 0xff; |
| 1549 | #endif | 1547 | #endif |
| 1550 | 1548 | ||
| 1551 | record->comprtypes_len = 1; | 1549 | record->comprtypes_len = 1; |