#endif
#ifndef OPENSSL_NO_EC
-static int use_ecc(SSL *s, int max_version)
+static int use_ecc(SSL *s, int min_version, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
for (j = 0; j < num_groups; j++) {
uint16_t ctmp = pgroups[j];
- if (tls_valid_group(s, ctmp, max_version)
+ if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
return 1;
}
SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
return EXT_RETURN_FAIL;
}
- if (!use_ecc(s, max_version))
+ if (!use_ecc(s, min_version, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
if (max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#else
- if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
+ if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#endif
for (i = 0; i < num_groups; i++) {
uint16_t ctmp = pgroups[i];
- if (tls_valid_group(s, ctmp, max_version)
+ if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,