From: Kurt Roeckx Date: Sat, 14 Mar 2015 22:23:26 +0000 (+0100) Subject: Don't send a for ServerKeyExchange for kDHr and kDHd X-Git-Tag: OpenSSL_1_1_0-pre1~1479 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=93f1c13619c5b41f2dcfdbf6ae666f867922a87a;p=oweals%2Fopenssl.git Don't send a for ServerKeyExchange for kDHr and kDHd The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by: Matt Caswell --- diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index b89c369768..b55af35c75 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -484,7 +484,7 @@ int dtls1_accept(SSL *s) #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif - || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) + || (alg_k & SSL_kDHE) || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL