]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a02571a) | patch
Don't ask for an invalid group in an HRR
authorMatt Caswell <matt@openssl.org>
Fri, 9 Jun 2023 08:09:06 +0000 (09:09 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 23 Jun 2023 13:14:59 +0000 (14:14 +0100)
commit7a949ae5f1799a6629cf6deb44ae0f38455a73dd
tree5abc3503b24d1e13db588f0e6508f11c65050c4ctree
parenta02571a02473889d13fe7996e0d2d052328f3199commit | diff
Don't ask for an invalid group in an HRR

If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.

Fixes #21157

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21163)
ssl/statem/extensions.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git