Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF

2025-07-30 22:43:08 +03:00 · 2013-03-20 15:30:09 +01:00
parent a0234377fc
commit b7149bcc90
3 changed files with 8 additions and 11 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1347,8 +1347,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
         * Reason: Otherwise we should have running hashes for SHA512 and SHA224
         *         in order to satisfy 'weird' needs from the server side.
         */
-        if( ssl->transform_negotiate->ciphersuite_info->cipher ==
-            POLARSSL_CIPHER_AES_256_GCM )
+        if( ssl->transform_negotiate->ciphersuite_info->mac ==
+            POLARSSL_MD_SHA384 )
        {
            hash_id = SIG_RSA_SHA384;
            hashlen = 48;