diff options
Diffstat (limited to 'src/components/security_manager/src/ssl_context_impl.cc')
-rw-r--r-- | src/components/security_manager/src/ssl_context_impl.cc | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/components/security_manager/src/ssl_context_impl.cc b/src/components/security_manager/src/ssl_context_impl.cc index 5d151e854a..1c8b009097 100644 --- a/src/components/security_manager/src/ssl_context_impl.cc +++ b/src/components/security_manager/src/ssl_context_impl.cc @@ -131,6 +131,8 @@ CryptoManagerImpl::SSLContextImpl::create_max_block_sizes() { rc.insert(std::make_pair("AES128-SHA", seed_sha_max_block_size)); rc.insert( std::make_pair("AES256-GCM-SHA384", aes128_gcm_sha256_max_block_size)); + rc.insert(std::make_pair("ECDHE-RSA-AES256-GCM-SHA384", + aes128_gcm_sha256_max_block_size)); rc.insert(std::make_pair("AES256-SHA256", aes128_sha256_max_block_size)); rc.insert(std::make_pair("AES256-SHA", seed_sha_max_block_size)); rc.insert(std::make_pair("CAMELLIA128-SHA", seed_sha_max_block_size)); @@ -522,16 +524,15 @@ bool CryptoManagerImpl::SSLContextImpl::Decrypt(const uint8_t* const in_data, size_t CryptoManagerImpl::SSLContextImpl::get_max_block_size(size_t mtu) const { SDL_LOG_AUTO_TRACE(); + const auto max_allowed_block_size = + mtu > SSL3_RT_MAX_PLAIN_LENGTH ? SSL3_RT_MAX_PLAIN_LENGTH : mtu; if (!max_block_size_) { // FIXME(EZamakhov): add correct logics for TLS1/1.2/SSL3 // For SSL3.0 set temporary value 90, old TLS1.2 value is 29 - assert(mtu > 90); - return mtu - 90; + assert(max_allowed_block_size > 90); + return max_allowed_block_size - 90; } - const auto max_allowed_block_size = - mtu > SSL3_RT_MAX_PLAIN_LENGTH ? SSL3_RT_MAX_PLAIN_LENGTH : mtu; - return max_block_size_(max_allowed_block_size); } @@ -588,7 +589,7 @@ void CryptoManagerImpl::SSLContextImpl::ResetConnection() { SSL_shutdown(connection_); } SDL_LOG_DEBUG("SSL connection recreation"); - SSL_CTX* ssl_context = connection_->ctx; + SSL_CTX* ssl_context = SSL_get_SSL_CTX(connection_); SSL_free(connection_); connection_ = SSL_new(ssl_context); if (mode_ == SERVER) { |