diff --git a/ChangeLog b/ChangeLog index e24eb25fe..9a40ead87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,7 @@ Bugfix overflow. #1179 * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found by Guido Vranken. #639 + * Log correct number of ciphersuites used in Client Hello message. #918 * Fix the entropy.c module to ensure that mbedtls_sha256_init() or mbedtls_sha512_init() is called before operating on the relevant context structure. Do not assume that zeroizing a context is a correct way to diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c0c424bef..415c506ea 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -811,6 +811,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ @@ -818,6 +820,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) #endif { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; @@ -837,8 +840,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *q++ = (unsigned char)( n >> 7 ); *q++ = (unsigned char)( n << 1 ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) ); - #if defined(MBEDTLS_ZLIB_SUPPORT) offer_compress = 1; #else