projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61e78e7) | patch
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
authorMatt Caswell <matt@openssl.org>
Fri, 19 Oct 2018 13:01:22 +0000 (14:01 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 12 Nov 2018 11:19:58 +0000 (11:19 +0000)
commit6f54ae7a9079983ea51593d4a91699d14a9c9a99
tree589c98c8074d40879fe96687a4d6d38b61138512tree | snapshot
parent61e78e7ace6c5d65910379556d7da7d23492291ccommit | diff
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable

TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit de4dc598024fd0a9c2b7a466fd5323755d369522)
ssl/ssl_locl.h diff | blob | history
ssl/statem/statem_lib.c diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.