1diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
2index e47eef1..d1b3224 100644
3--- a/ssl/s3_clnt.c
4+++ b/ssl/s3_clnt.c
5@@ -557,7 +557,8 @@ int ssl3_connect(SSL *s)
6 }
7 else
8 {
9- if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
10+ if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
11+ && ssl3_can_cutthrough(s)
12 && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
13 )
14 {
15diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
16index 45a76ae..d75b9f7 100644
17--- a/ssl/ssl_lib.c
18+++ b/ssl/ssl_lib.c
19@@ -3305,12 +3305,39 @@ int SSL_cutthrough_complete(const SSL *s)
20 s->version >= SSL3_VERSION &&
21 s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
22 (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */
23- SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */
24+ ssl3_can_cutthrough(s) && /* cutthrough allowed */
25 s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */
26 (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/
27 s->state == SSL3_ST_CR_FINISHED_A));
28 }
29
30+int ssl3_can_cutthrough(const SSL *s)
31+ {
32+ const SSL_CIPHER *c;
33+
34+ /* require a strong enough cipher */
35+ if (SSL_get_cipher_bits(s, NULL) < 128)
36+ return 0;
37+
38+ /* require NPN extension */
39+#ifndef OPENSSL_NO_NEXTPROTONEG
40+ if (!s->s3->next_proto_neg_seen)
41+ return 0;
42+#else
43+ return 0;
44+#endif
45+
46+ /* require a forward-secret cipher */
47+ c = SSL_get_current_cipher(s);
48+ if (!c || (c->algorithm_mkey != SSL_kEDH &&
49+ c->algorithm_mkey != SSL_kEECDH))
50+ {
51+ return 0;
52+ }
53+
54+ return 1;
55+ }
56+
57 /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
58 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
59 * any.
If EVP_MD pointer is passed, initializes ctx with this md
60diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
61index 2f8cda8..3732825 100644
62--- a/ssl/ssl_locl.h
63+++ b/ssl/ssl_locl.h
64@@ -1160,6 +1160,8 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg);
65 int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
66 #endif
67
68+int ssl3_can_cutthrough(const SSL *s);
69+
70 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
71 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
72 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
73
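Review bot: In `ssl3_can_cutthrough` (ssl/ssl_lib.c), the `#else` arm returns 0 unconditionally, so in an `OPENSSL_NO_NEXTPROTONEG` build everything after `#endif` is unreachable and `c` is unused. Moving the forward-secrecy test above the NPN block, or enclosing the rest of the body in the `#ifndef`, would avoid the warnings and make it explicit that cut-through is disabled in that configuration. The new function also has no header comment saying why each gate exists; `SSL_cutthrough_complete` permits the write while the state is still `SSL3_ST_CR_SESSION_TICKET_A` or `SSL3_ST_CR_FINISHED_A`, which (judging by the names) is before the server's final handshake messages have been read, so a short comment such as `/* Cut-through sends application data before the server Finished is verified; only allow it for >=128-bit, forward-secret suites on connections that negotiated NPN. */` would record the security rationale at the point of enforcement. The strength gate is bit-count only (`SSL_get_cipher_bits(s, NULL) < 128`) and nothing in the helper looks at the protocol version or the cipher construction, so if the intent is to limit cut-through to modern suites that probably needs its own explicit check.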