From 93f1c13619c5b41f2dcfdbf6ae666f867922a87a Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sat, 14 Mar 2015 23:23:26 +0100 Subject: [PATCH] Don't send a for ServerKeyExchange for kDHr and kDHd The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by: Matt Caswell --- ssl/d1_srvr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index b89c369768..b55af35c75 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -484,7 +484,7 @@ int dtls1_accept(SSL *s) #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif - || (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) + || (alg_k & SSL_kDHE) || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL -- 2.25.1