git.ipfire.org Git - thirdparty/strongswan.git/commit
openssl: Only announce ECDH groups actually supported by OpenSSL
author Tobias Brunner <tobias@strongswan.org>
Tue, 16 Nov 2021 13:34:03 +0000 (14:34 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 8 Dec 2021 10:33:04 +0000 (11:33 +0100)
commit 46a6b062822c08f2d63690dd66caa52da734ee8d
tree 9def1e0631e973b60cc8aae64fb19e40f7e4f89c
parent 03520a0d54b3aefa5914dba349cc03432bc39d32
openssl: Only announce ECDH groups actually supported by OpenSSL

Determined by whether the library provides curves for it or not.
For instance, in the OpenSSL 3 FIPS provider the Brainpool curves are
not included.  And in the Fedora package several weak curves are
explicitly patched out and the Brainpool curves are omitted even in
non-FIPS mode.
src/libstrongswan/plugins/openssl/openssl_plugin.c
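
An operator-side check of the same idea, added here as an example and not taken from the commit or from strongSwan: given the curve listing printed by `openssl ecparam -list_curves`, it reports which IKE ECDH groups have a curve behind them. The group-to-curve table follows the IANA IKEv2 key exchange numbers, and the function names and sample listing are assumptions made for this example.

```shell
#!/bin/sh
# IKE key exchange numbers (IANA IKEv2 "Transform Type 4") paired with the
# OpenSSL curve short name each one needs. Table written for this example.
IKE_ECDH_GROUPS='19:prime256v1 20:secp384r1 21:secp521r1 25:prime192v1
26:secp224r1 27:brainpoolP224r1 28:brainpoolP256r1 29:brainpoolP384r1
30:brainpoolP512r1'

# Constructed sample in the format of `openssl ecparam -list_curves`, modelled
# on a build without Brainpool and 192-bit curves (not captured from a host).
# The last entry has a description continuation line to exercise the parser.
SAMPLE_CURVES='  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  Oakley-EC2N-3:
        IPSec/IKE/Oakley curve #3 over a 155 bit binary field.'

# curve_names: reduce a curve listing on stdin to bare curve names.
# Lines without a colon are description continuations and are skipped.
curve_names() {
    awk -F: 'NF > 1 { gsub(/[ \t]/, "", $1); if ($1 != "") print $1 }'
}

# ecdh_groups MODE: read a curve listing on stdin and print the IKE group
# numbers whose curve is present (MODE=announce) or missing (MODE=withhold).
ecdh_groups() {
    mode=$1
    have=$(curve_names)
    out=
    for entry in $IKE_ECDH_GROUPS; do
        group=${entry%%:*}
        curve=${entry#*:}
        if printf '%s\n' "$have" | grep -qxF "$curve"; then
            state=announce
        else
            state=withhold
        fi
        if [ "$state" = "$mode" ]; then
            out="$out $group"
        fi
    done
    echo "${out# }"
}

echo "announce: $(printf '%s\n' "$SAMPLE_CURVES" | ecdh_groups announce)"
echo "withhold: $(printf '%s\n' "$SAMPLE_CURVES" | ecdh_groups withhold)"
```

On a real host, pipe the live listing in instead of the sample: `openssl ecparam -list_curves | ecdh_groups withhold`.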