Fix cross-version compatibility in RFC7919 changes

- Older versions of, e.g., the FIPS provider report the minimum
  TLS version of the FFDHE groups as TLS 1.3, but we now need to
  support these in TLS 1.2.

- Older OpenSSL runtimes may not be prepared to support the FFDHE groups
  in TLS 1.2.

Therefore, instead of changing the default and FIPS providers to
advertise these groups as TLS 1.2 compatible, leave the capabilities
unchanged, and instead adjust the min(d)tls value when processing the
provider's capabilities in the new runtime.

This ensures cross-compatibility with everything except previous master
branch dev snapshots, but that's not a concern.

Fixes: #29958
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Feb  9 08:53:54 2026
(Merged from https://github.com/openssl/openssl/pull/29962)

diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index e1521dc9d8a7b9364c5885bc7fc60e6e5b3087a7..eb96627a67e241e10f7e9d59821e5cad37d5f582 100644 (file)
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -80,11 +80,11 @@ static const TLS_GROUP_CONSTANTS group_list[] = {
     /* 30 */ { OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
     /* 31 */ { OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13, 192, TLS1_3_VERSION, 0, -1, -1, 0 },
     /* 32 */ { OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13, 256, TLS1_3_VERSION, 0, -1, -1, 0 },
-    /* 33 */ { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_VERSION, 0, -1, -1, 0 },
-    /* 34 */ { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_VERSION, 0, -1, -1, 0 },
-    /* 35 */ { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_VERSION, 0, -1, -1, 0 },
-    /* 36 */ { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_VERSION, 0, -1, -1, 0 },
-    /* 37 */ { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_VERSION, 0, -1, -1, 0 },
+    /* 33 */ { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_3_VERSION, 0, -1, -1, 0 },
+    /* 34 */ { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
+    /* 35 */ { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
+    /* 36 */ { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
+    /* 37 */ { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1, 0 },
     /* 38 */ { OSSL_TLS_GROUP_ID_mlkem512, ML_KEM_512_SECBITS, TLS1_3_VERSION, 0, -1, -1, 1 },
     /* 39 */ { OSSL_TLS_GROUP_ID_mlkem768, ML_KEM_768_SECBITS, TLS1_3_VERSION, 0, -1, -1, 1 },
     /* 40 */ { OSSL_TLS_GROUP_ID_mlkem1024, ML_KEM_1024_SECBITS, TLS1_3_VERSION, 0, -1, -1, 1 },

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index aca0bc6398df1c16c066c019ab112bbad6191ede..cdf75bb22d14b7b6ff1d7a748a3cc9089033317f 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -327,6 +327,15 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
         ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
         goto err;
     }
+
+    if (ginf->group_id >= OSSL_TLS_GROUP_ID_ffdhe2048
+        && ginf->group_id <= OSSL_TLS_GROUP_ID_ffdhe8192) {
+        if (ginf->mintls > TLS1_2_VERSION)
+            ginf->mintls = TLS1_VERSION;
+        if (DTLS_VERSION_GT(ginf->mindtls, DTLS1_2_VERSION))
+            ginf->mindtls = DTLS1_VERSION;
+    }
+
     /*
      * Now check that the algorithm is actually usable for our property query
      * string. Regardless of the result we still return success because we have