projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4250361) | patch
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
authorMatt Caswell <matt@openssl.org>
Fri, 19 Oct 2018 13:01:22 +0000 (14:01 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 12 Nov 2018 11:08:51 +0000 (11:08 +0000)
commitde4dc598024fd0a9c2b7a466fd5323755d369522
treeb8a5c1e2c789ef5acd9d63e552b34ced40a7e586tree | snapshot
parent425036130dfb3cfbef5937772f7526ce60133264commit | diff
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable

TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)
ssl/ssl_locl.h diff | blob | history
ssl/statem/statem_lib.c diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.