MCPcopy Index your code
hub / github.com/XTLS/Go / pickCipherSuite

Method pickCipherSuite

handshake_server.go:328–366  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

326}
327
328func (hs *serverHandshakeState) pickCipherSuite() error {
329 c := hs.c
330
331 preferenceOrder := cipherSuitesPreferenceOrder
332 if !hasAESGCMHardwareSupport || !aesgcmPreferred(hs.clientHello.cipherSuites) {
333 preferenceOrder = cipherSuitesPreferenceOrderNoAES
334 }
335
336 configCipherSuites := c.config.cipherSuites()
337 preferenceList := make([]uint16, 0, len(configCipherSuites))
338 for _, suiteID := range preferenceOrder {
339 for _, id := range configCipherSuites {
340 if id == suiteID {
341 preferenceList = append(preferenceList, id)
342 break
343 }
344 }
345 }
346
347 hs.suite = selectCipherSuite(preferenceList, hs.clientHello.cipherSuites, hs.cipherSuiteOk)
348 if hs.suite == nil {
349 c.sendAlert(alertHandshakeFailure)
350 return errors.New("tls: no cipher suite supported by both client and server")
351 }
352 c.cipherSuite = hs.suite.id
353
354 for _, id := range hs.clientHello.cipherSuites {
355 if id == TLS_FALLBACK_SCSV {
356 // The client is doing a fallback connection. See RFC 7507.
357 if hs.clientHello.vers < c.config.maxSupportedVersion(roleClient) {
358 c.sendAlert(alertInappropriateFallback)
359 return errors.New("tls: client using inappropriate protocol fallback")
360 }
361 break
362 }
363 }
364
365 return nil
366}
367
368func (hs *serverHandshakeState) cipherSuiteOk(c *cipherSuite) bool {
369 if c.flags&suiteECDHE != 0 {

Callers 1

handshakeMethod · 0.95

Calls 5

aesgcmPreferredFunction · 0.85
selectCipherSuiteFunction · 0.85
cipherSuitesMethod · 0.80
sendAlertMethod · 0.80
maxSupportedVersionMethod · 0.80

Tested by

no test coverage detected