Move renego SCSV after actual ciphersuites
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 77ae8b4..95699b4 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -633,18 +633,6 @@
// Skip writing ciphersuite length for now
p += 2;
- /*
- * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
- */
-#if defined(POLARSSL_SSL_RENEGOTIATION)
- if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
-#endif
- {
- *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
- *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
- n++;
- }
-
for( i = 0; ciphersuites[i] != 0; i++ )
{
ciphersuite_info = ssl_ciphersuite_from_id( ciphersuites[i] );
@@ -668,6 +656,18 @@
*p++ = (unsigned char)( ciphersuites[i] );
}
+ /*
+ * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ */
+#if defined(POLARSSL_SSL_RENEGOTIATION)
+ if( ssl->renegotiation == SSL_INITIAL_HANDSHAKE )
+#endif
+ {
+ *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
+ *p++ = (unsigned char)( SSL_EMPTY_RENEGOTIATION_INFO );
+ n++;
+ }
+
/* Some versions of OpenSSL don't handle it correctly if not at end */
#if defined(POLARSSL_SSL_FALLBACK_SCSV)
if( ssl->fallback == SSL_IS_FALLBACK )
