413 (cs.keyExchange == KeyExchange.K_ECDH_ANON)) { |
413 (cs.keyExchange == KeyExchange.K_ECDH_ANON)) { |
414 continue; |
414 continue; |
415 } |
415 } |
416 } |
416 } |
417 |
417 |
418 SSLKeyExchange ke = SSLKeyExchange.valueOf(cs.keyExchange); |
418 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
|
419 cs.keyExchange, shc.negotiatedProtocol); |
419 if (ke == null) { |
420 if (ke == null) { |
420 continue; |
421 continue; |
421 } |
422 } |
422 if (!ServerHandshakeContext.legacyAlgorithmConstraints.permits( |
423 if (!ServerHandshakeContext.legacyAlgorithmConstraints.permits( |
423 null, cs.name, null)) { |
424 null, cs.name, null)) { |
437 |
438 |
438 return new KeyExchangeProperties(cs, ke, hcds); |
439 return new KeyExchangeProperties(cs, ke, hcds); |
439 } |
440 } |
440 |
441 |
441 for (CipherSuite cs : legacySuites) { |
442 for (CipherSuite cs : legacySuites) { |
442 SSLKeyExchange ke = SSLKeyExchange.valueOf(cs.keyExchange); |
443 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
|
444 cs.keyExchange, shc.negotiatedProtocol); |
443 if (ke != null) { |
445 if (ke != null) { |
444 SSLPossession[] hcds = ke.createPossessions(shc); |
446 SSLPossession[] hcds = ke.createPossessions(shc); |
445 if ((hcds != null) && (hcds.length != 0)) { |
447 if ((hcds != null) && (hcds.length != 0)) { |
446 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
448 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
447 SSLLogger.warning( |
449 SSLLogger.warning( |
1120 chc.handshakeConsumers.put( |
1122 chc.handshakeConsumers.put( |
1121 SSLHandshake.FINISHED.id, |
1123 SSLHandshake.FINISHED.id, |
1122 SSLHandshake.FINISHED); |
1124 SSLHandshake.FINISHED); |
1123 } else { |
1125 } else { |
1124 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
1126 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
1125 chc.negotiatedCipherSuite.keyExchange); |
1127 chc.negotiatedCipherSuite.keyExchange, |
|
1128 chc.negotiatedProtocol); |
1126 chc.handshakeKeyExchange = ke; |
1129 chc.handshakeKeyExchange = ke; |
1127 if (ke != null) { |
1130 if (ke != null) { |
1128 for (SSLHandshake handshake : |
1131 for (SSLHandshake handshake : |
1129 ke.getRelatedHandshakers(chc)) { |
1132 ke.getRelatedHandshakers(chc)) { |
1130 chc.handshakeConsumers.put(handshake.id, handshake); |
1133 chc.handshakeConsumers.put(handshake.id, handshake); |
1152 try { |
1155 try { |
1153 CipherSuite.HashAlg hashAlg = hc.negotiatedCipherSuite.hashAlg; |
1156 CipherSuite.HashAlg hashAlg = hc.negotiatedCipherSuite.hashAlg; |
1154 HKDF hkdf = new HKDF(hashAlg.name); |
1157 HKDF hkdf = new HKDF(hashAlg.name); |
1155 byte[] zeros = new byte[hashAlg.hashLength]; |
1158 byte[] zeros = new byte[hashAlg.hashLength]; |
1156 SecretKey earlySecret = hkdf.extract(zeros, psk, "TlsEarlySecret"); |
1159 SecretKey earlySecret = hkdf.extract(zeros, psk, "TlsEarlySecret"); |
1157 hc.handshakeKeyDerivation = new SSLSecretDerivation(hc, earlySecret); |
1160 hc.handshakeKeyDerivation = |
|
1161 new SSLSecretDerivation(hc, earlySecret); |
1158 } catch (GeneralSecurityException gse) { |
1162 } catch (GeneralSecurityException gse) { |
1159 throw (SSLHandshakeException) new SSLHandshakeException( |
1163 throw (SSLHandshakeException) new SSLHandshakeException( |
1160 "Could not generate secret").initCause(gse); |
1164 "Could not generate secret").initCause(gse); |
1161 } |
1165 } |
1162 } |
1166 } |
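Review bot: In the client-side hunk (new lines 1126-1133) the result of the two-argument `SSLKeyExchange.valueOf(...)` is stored in `chc.handshakeKeyExchange` before the null check, and the visible code has no else branch, so a null result simply registers no key-exchange consumers and the handshake carries on. The lookup now depends on `chc.negotiatedProtocol` as well as the cipher suite, so it is worth stating what null means here; the body of `valueOf` is not shown on this page, so whether an unset or unexpected protocol version yields null is an assumption to confirm. I would add a comment above the assignment such as `// ke == null: no key exchange for this suite/protocol pair; no key-exchange consumers are registered`, or, if null is never expected for a suite the server has selected, fail the handshake at this point rather than continuing. The two server-side call sites already skip the suite on null (`continue` and `if (ke != null)`), but they rely on `shc.negotiatedProtocol` being set before cipher-suite selection runs, which these hunks do not show. The enclosing methods start and end outside the hunks.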