mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 02919b4..4409d1b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2164,14 +2164,14 @@
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
- ciphersuite_info->min_minor_ver > opt.max_version )
+ ( ciphersuite_info->min_tls_version & 0xFF ) > opt.max_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
- ciphersuite_info->max_minor_ver < opt.min_version )
+ ( ciphersuite_info->max_tls_version & 0xFF ) < opt.min_version )
{
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
@@ -2181,13 +2181,13 @@
/* If we select a version that's not supported by
* this suite, then there will be no common ciphersuite... */
if( opt.max_version == -1 ||
- opt.max_version > ciphersuite_info->max_minor_ver )
+ opt.max_version > ( ciphersuite_info->max_tls_version & 0xFF ) )
{
- opt.max_version = ciphersuite_info->max_minor_ver;
+ opt.max_version = ( ciphersuite_info->max_tls_version & 0xFF );
}
- if( opt.min_version < ciphersuite_info->min_minor_ver )
+ if( opt.min_version < ( ciphersuite_info->min_tls_version & 0xFF ) )
{
- opt.min_version = ciphersuite_info->min_minor_ver;
+ opt.min_version = ( ciphersuite_info->min_tls_version & 0xFF );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)