From e7472384c2d4580be672d6b2efb7bee23ea90ead Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 19 Mar 2021 12:11:30 +1000
Subject: [PATCH] TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set
---
 src/tls13.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/tls13.c b/src/tls13.c
index 9230ccbbe..2fd6e18ba 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4212,6 +4212,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 }
 if (!usingPSK) {
+ /* Not using PSK so don't require no KE. */
+ ssl->options.noPskDheKe = 0;
+
 #ifndef NO_CERTS
 if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
 WOLFSSL_MSG("Client did not send a KeyShare extension");
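Review bot: The added `ssl->options.noPskDheKe = 0;` writes to the option stored on the WOLFSSL object rather than to a handshake-local value, so an application that configured PSK without (EC)DHE loses that setting once a single ClientHello arrives without a PSK. Whether this matters depends on code outside the hunk (a second ClientHello after a HelloRetryRequest, or reuse of the object), so it is worth confirming that nothing later reads the flag expecting the configured value. At minimum the comment should record the side effect, for example `/* Not using PSK: clear noPskDheKe. Note this modifies the option configured on ssl, not a local copy. */`. The assignment is also compiled unconditionally, while the check after it sits under `#ifndef NO_CERTS`; if the `noPskDheKe` field is only declared in PSK or session-ticket builds (not visible here), the assignment needs the same guard as the declaration. DoTls13ClientHello starts and ends outside the hunk.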