root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Don't send supported groups if no-ec and we're doing DTLS 

The supported_groups extension only supported EC groups in DTLS.
Therefore we shouldn't send it in a no-ec build.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
This commit is contained in:
Matt Caswell 2020-06-11 16:47:50 +01:00
parent db9592c1f7
commit e09f8d256f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/statem/extensions_clnt.c
View File

@ -211,7 +211,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
}
#if defined(OPENSSL_NO_EC)
if (max_version < TLS1_3_VERSION)
if (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#else
if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION)