crypto/tls: don't rely on map iteration order.

Previously we were using the map iteration order to set the order of the cipher suites in the ClientHello. R=bradfitz CC=golang-dev https://golang.org/cl/5440048
2025-12-08 06:10:04 +00:00 · 2011-11-28 15:34:16 -05:00 · 2011-11-28 15:34:16 -05:00 · 1eb7ca924b
commit 1eb7ca924b
parent 5f6027e9ad
4 changed files with 33 additions and 22 deletions
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@ -56,18 +56,25 @@ Curves:
 	ellipticOk := supportedCurve && supportedPointFormat

 	var suite *cipherSuite
-	var suiteId uint16
 FindCipherSuite:
 	for _, id := range clientHello.cipherSuites {
 		for _, supported := range config.cipherSuites() {
 			if id == supported {
-				suite = cipherSuites[id]
+				suite = nil
+				for _, s := range cipherSuites {
+					if s.id == id {
+						suite = s
+						break
+					}
+				}
+				if suite == nil {
+					continue
+				}
 				// Don't select a ciphersuite which we can't
 				// support for this client.
 				if suite.elliptic && !ellipticOk {
 					continue
 				}
-				suiteId = id
 				break FindCipherSuite
 			}
 		}
@ -87,7 +94,7 @@ FindCipherSuite:
 	}

 	hello.vers = vers
-	hello.cipherSuite = suiteId
+	hello.cipherSuite = suite.id
 	t := uint32(config.time())
 	hello.random = make([]byte, 32)
 	hello.random[0] = byte(t >> 24)
@ -296,7 +303,7 @@ FindCipherSuite:
 	c.writeRecord(recordTypeHandshake, finished.marshal())

 	c.handshakeComplete = true
-	c.cipherSuite = suiteId
+	c.cipherSuite = suite.id

 	return nil
 }