projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4fd1278) | patch
As a server don't select TLSv1.3 if we're not capable of it
authorMatt Caswell <matt@openssl.org>
Wed, 4 Jul 2018 15:48:56 +0000 (16:48 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 13 Jul 2018 17:14:29 +0000 (18:14 +0100)
commitbaa45c3e74e1202eb963d22821ed87c097506b05
tree06a9c4fbeb2ce3fc40043d7d359c018d2849e783tree | snapshot
parent4fd12788ebd352308e3f3c5f0f9bc607ababc867commit | diff
As a server don't select TLSv1.3 if we're not capable of it

Check that we are either configured for PSK, or that we have a TLSv1.3
capable certificate type. DSA certs can't be used in TLSv1.3 and we
don't (currently) allow GOST ones either (owing to the lack of standard
sig algs).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
ssl/statem/statem_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.