if (server)
delete = check_server_params (session, kx, alg, alg_size);
}
+
+ /* If we have not agreed to a common curve with the peer don't bother
+ * negotiating ECDH.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER && (kx == GNUTLS_KX_ANON_ECDH))
+ {
+ if (_gnutls_session_ecc_curve_get(session) == GNUTLS_ECC_CURVE_INVALID)
+ delete = 1;
+ }
/* These two SRP kx's are marked to require a CRD_CERTIFICATE,
(see cred_mappings in gnutls_algorithms.c), but it also
{
#ifdef ENABLE_ANON
case GNUTLS_CRD_ANON:
- print_dh_info (session, "Anonymous ");
+ if (kx != GNUTLS_KX_ANON_ECDH)
+ print_dh_info (session, "Anonymous ");
break;
#endif
#ifdef ENABLE_SRP