git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Matt Caswell <matt@openssl.org>
	Fri, 19 Oct 2018 13:01:22 +0000 (14:01 +0100)
committer	Matt Caswell <matt@openssl.org>
	Mon, 12 Nov 2018 11:08:51 +0000 (11:08 +0000)
commit	de4dc598024fd0a9c2b7a466fd5323755d369522
tree	b8a5c1e2c789ef5acd9d63e552b34ced40a7e586	tree \| snapshot
parent	425036130dfb3cfbef5937772f7526ce60133264	commit \| diff

Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable

TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

ssl/ssl_locl.h		diff \| blob \| blame \| history
ssl/statem/statem_lib.c		diff \| blob \| blame \| history
ssl/t1_lib.c		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom