From 7c1cc5e8f9ebe9c0af56f5319fc4f2321b9873b6 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Thu, 28 Sep 2023 10:17:05 -0400
Subject: [PATCH] Allow the server to send supported groups extension in TLS
 1.3

---
 src/tls.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 4fd673f44..6091cb7f9 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -4183,7 +4183,7 @@ static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
 
 #endif /* !NO_WOLFSSL_SERVER */
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) || defined(WOLFSSL_TLS13)
 
 static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list)
 {
@@ -4213,7 +4213,7 @@ static word16 TLSX_PointFormat_GetSize(PointFormat* list)
     return length;
 }
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) || defined(WOLFSSL_TLS13)
 
 static word16 TLSX_SupportedCurve_Write(SupportedCurve* list, byte* output)
 {
@@ -5108,7 +5108,10 @@ int TLSX_UsePointFormat(TLSX** extensions, byte format, void* heap)
 #define EC_FREE_ALL         TLSX_SupportedCurve_FreeAll
 #define EC_VALIDATE_REQUEST TLSX_SupportedCurve_ValidateRequest
 
-#ifndef NO_WOLFSSL_CLIENT
+/* In TLS 1.2 the server never sends supported curve extension, but in TLS 1.3
+ * the server can send supported groups extension to indicate what it will
+ * support for later connections. */
+#if !defined(NO_WOLFSSL_CLIENT) || defined(WOLFSSL_TLS13)
 #define EC_GET_SIZE TLSX_SupportedCurve_GetSize
 #define EC_WRITE    TLSX_SupportedCurve_Write
 #else