From 54b33eeed23616a375b1ba83a4cf2a596377bfd9 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 5 Apr 2024 14:11:01 +0700 Subject: DTLS: more robust exclusion of stream ciphers --- crypto/src/tls/DtlsProtocol.cs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/crypto/src/tls/DtlsProtocol.cs b/crypto/src/tls/DtlsProtocol.cs index 566d07cb4..73e9a4070 100644 --- a/crypto/src/tls/DtlsProtocol.cs +++ b/crypto/src/tls/DtlsProtocol.cs @@ -76,15 +76,14 @@ namespace Org.BouncyCastle.Tls /// internal static int ValidateSelectedCipherSuite(int selectedCipherSuite, short alertDescription) { - switch (TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite)) + int encryptionAlgorithm = TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite); + if (EncryptionAlgorithm.NULL != encryptionAlgorithm) { - case EncryptionAlgorithm.RC4_40: - case EncryptionAlgorithm.RC4_128: - case -1: - throw new TlsFatalAlert(alertDescription); - default: - return selectedCipherSuite; + int cipherType = TlsUtilities.GetEncryptionAlgorithmType(encryptionAlgorithm); + if (cipherType < 0 || CipherType.stream == cipherType) + throw new TlsFatalAlert(alertDescription); } + return selectedCipherSuite; } } } -- cgit 1.4.1