tls: cipher 009D is not yet supported, don't test for it

function                                             old     new   delta
tls_handshake                                       2116    2108      -8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/networking/tls.c b/networking/tls.c
index 6c87e12ff1e88a093d6afc51be3c1c198e989944..750a152e8fe70f2a55f527400444ef9e9ca2ba9a 100644 (file)
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -1629,7 +1629,6 @@ static void get_server_hello(tls_state_t *tls)
        struct server_hello *hp;
        uint8_t *cipherid;
        uint8_t cipherid1;
-       unsigned cipher;
        int len, len24;
 
        len = tls_xread_handshake_block(tls, 74 - 32);
@@ -1696,8 +1695,7 @@ static void get_server_hello(tls_state_t *tls)
                0x00,0x3B, //   TLS_RSA_WITH_NULL_SHA256
 #endif
        cipherid1 = cipherid[1];
-       tls->cipher_id = cipher = 0x100 * cipherid[0] + cipherid1;
-       dbg("server chose cipher %04x\n", cipher);
+       tls->cipher_id = 0x100 * cipherid[0] + cipherid1;
        tls->key_size = AES256_KEYSIZE;
        tls->MAC_size = SHA256_OUTSIZE;
        /*tls->IV_size = 0; - already is */
@@ -1728,13 +1726,14 @@ static void get_server_hello(tls_state_t *tls)
                if (cipherid1 <= 0x35) {
                        tls->MAC_size = SHA1_OUTSIZE;
                } else
-               if (cipherid1 == 0x9C || cipherid1 == 0x9D) {
+               if (cipherid1 == 0x9C /*|| cipherid1 == 0x9D*/) {
                        /* 009C,9D are AES-GCM */
                        tls->flags |= ENCRYPTION_AESGCM;
                        tls->MAC_size = 0;
                        tls->IV_size = 4;
                }
        }
+       dbg("server chose cipher %04x\n", tls->cipher_id);
        dbg("key_size:%u MAC_size:%u IV_size:%u\n", tls->key_size, tls->MAC_size, tls->IV_size);
 
        /* Handshake hash eventually destined to FINISHED record