X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_common.t0;h=a879258b9be1636a8176425041d38824a5ab323b;hp=f4ad65bf36e2cabdadc77ebf9ded26d4b038ca93;hb=05520e8eae3d8c6039e8bcde58741cf4ffb18f1d;hpb=8e86598b33f9df81d1f77d6cc32568d9ae119d67
diff --git a/src/ssl/ssl_hs_common.t0 b/src/ssl/ssl_hs_common.t0
index f4ad65b..a879258 100644
--- a/src/ssl/ssl_hs_common.t0
+++ b/src/ssl/ssl_hs_common.t0
@@ -581,7 +581,7 @@ cc: more-incoming-bytes? ( -- bool ) {
 read16 skip-blob ;
 \ Open a substructure: the inner structure length is checked against,
-\ and substracted, from the output structure current limit.
+\ and subtracted, from the output structure current limit.
 : open-elt ( lim len -- lim-outer lim-inner )
 dup { len } - dup 0< if ERR_BAD_PARAM fail then
@@ -879,6 +879,16 @@ hexb| 0000 | \ List terminator.
 : prf-id ( suite -- id )
 cipher-suite-to-elements 15 and ;
+\ Test whether a cipher suite is only for TLS-1.2. Cipher suites that
+\ can be used with TLS-1.0 or 1.1 use HMAC/SHA-1. RFC do not formally
+\ forbid using a CBC-based TLS-1.2 cipher suite, e.g. based on HMAC/SHA-256,
+\ with older protocol versions; however, servers should not do that, since
+\ it may confuse clients. Since the server code does not try such games,
+\ for consistency, the client should reject it as well (normal servers
+\ don't do that, so any attempt is a sign of foul play).
+: use-tls12? ( suite -- bool )
+ cipher-suite-to-elements 0xF0 and 0x20 <> ;
+
 \ Switch to negotiated security parameters for input or output.
 : switch-encryption ( is-client for-input -- )
 { for-input }
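Review bot: The masks in the new `use-tls12?` word (`cipher-suite-to-elements 0xF0 and 0x20 <>`) are unexplained magic numbers; the long comment above it states the policy but not which field of the element word `0xF0` selects or why `0x20` means HMAC/SHA-1, and `prf-id` just above only establishes that the low nibble is the PRF id. A one-line comment next to the test would spare the next reader a trip to the suite table, e.g. `\ bits 4..7 of the element word are the MAC id; 0x20 = HMAC/SHA-1, the only MAC usable with TLS-1.0/1.1` — that field layout is my reading of the two words and should be confirmed against the table `cipher-suite-to-elements` decodes, which is outside this hunk. The hunk also shows no caller of `use-tls12?`, so the client-side rejection the comment promises presumably lives in another file and is worth checking there; a suite whose MAC nibble is neither SHA-1 nor a TLS-1.2 value (for instance an unknown suite decoding to 0) will be reported as TLS-1.2-only by this test, which is the safe direction but should be stated.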