git.ipfire.org Git - thirdparty/openssl.git/commit
Implement first step of RFC7919 in TLS 1.2 server
author Joachim Vandersmissen <git@jvdsn.com>
Mon, 15 Dec 2025 07:09:49 +0000 (18:09 +1100)
committer Alexandr Nedvedicky <sashan@openssl.org>
Thu, 5 Feb 2026 09:09:18 +0000 (10:09 +0100)
commit 92131d3afc8d6efc9ff7f6b392fdb9c139fb0ddc
tree 2270ee5faec3467aca3935d7ae5a44aed7ee557a
parent e23b33a9956b45b61bd447169ddd3841ca9dfd61
Implement first step of RFC7919 in TLS 1.2 server

RFC 7919 states:
    If a compatible TLS server receives a Supported Groups extension from
    a client that includes any FFDHE group (i.e., any codepoint between
    256 and 511, inclusive, even if unknown to the server), and if none
    of the client-proposed FFDHE groups are known and acceptable to the
    server, then the server MUST NOT select an FFDHE cipher suite.

We implement this behavior by adding a new function that checks this
condition as its inverse: only select FFDHE cipher suites if at least
one of the client-proposed FFDHE groups is known and acceptable, or
if the client did _not_ send any FFDHE groups.

Also add a test to verify two possible outcomes:
1) The client proposes FFDHE and non-FFDHE ciphersuites -> the server
will select a non-FFDHE ciphersuite.
2) The client only proposes FFDHE ciphersuites -> the server will end
the connection.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Thu Feb  5 09:09:40 2026
(Merged from https://github.com/openssl/openssl/pull/24551)
ssl/s3_lib.c
ssl/ssl_local.h
ssl/t1_lib.c
test/sslapitest.c
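The check the commit message describes, written out as an added C example that is not OpenSSL's own code: the server's accepted-FFDHE-group list, the `suite` descriptor and `select_suite` are constructed for illustration, and the suite names are only labels. It also walks the two outcomes the commit's test covers (FFDHE plus non-FFDHE suites offered, and FFDHE-only suites offered).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical server policy (constructed for this example): the FFDHE
 * groups this server knows and accepts, here ffdhe2048/3072/4096. */
static const uint16_t server_ffdhe_groups[] = { 256, 257, 258 };

/* RFC 7919 reserves supported_groups codepoints 256..511 for FFDHE groups. */
static bool is_ffdhe_codepoint(uint16_t group)
{
    return group >= 256 && group <= 511;
}

static bool server_accepts_ffdhe_group(uint16_t group)
{
    size_t n = sizeof(server_ffdhe_groups) / sizeof(server_ffdhe_groups[0]);
    for (size_t i = 0; i < n; i++)
        if (server_ffdhe_groups[i] == group)
            return true;
    return false;
}

/* The commit's inverse of the RFC 7919 MUST NOT: FFDHE suites are selectable
 * only if the client proposed an FFDHE group the server accepts, or proposed
 * no FFDHE group at all (n == 0 covers a missing supported_groups extension). */
bool ffdhe_suites_allowed(const uint16_t *client_groups, size_t n)
{
    bool client_sent_ffdhe = false;
    for (size_t i = 0; i < n; i++) {
        if (!is_ffdhe_codepoint(client_groups[i]))
            continue;
        client_sent_ffdhe = true;  /* unknown FFDHE codepoints count too */
        if (server_accepts_ffdhe_group(client_groups[i]))
            return true;
    }
    return !client_sent_ffdhe;
}

/* Minimal suite descriptor; select_suite returns the first acceptable suite in
 * the given order, or NULL when none is (the handshake would then fail). */
struct suite { const char *name; bool uses_ffdhe; };
const struct suite *select_suite(const struct suite *suites, size_t n,
                                 const uint16_t *client_groups, size_t ngroups)
{
    bool ffdhe_ok = ffdhe_suites_allowed(client_groups, ngroups);
    for (size_t i = 0; i < n; i++)
        if (!suites[i].uses_ffdhe || ffdhe_ok)
            return &suites[i];
    return NULL;
}
```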