Merge pull request #4 from SparkiDev/pr_2069

Disallow SupportedGroups in ServerHello for TLS 1.3
2025-08-01 03:34:39 +02:00 · 2019-02-04 09:05:36 +10:00
parent c080050c80 b7179c2a54
commit 390f3f5fca
1 changed files with 5 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@@ -9654,6 +9654,11 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
                         msgType == encrypted_extensions) {
                    return EXT_NOT_ALLOWED;
                }
+                else if (IsAtLeastTLSv1_3(ssl->ctx->method->version) &&
+                        msgType == server_hello &&
+                        !ssl->options.downgrade) {
+                    return EXT_NOT_ALLOWED;
+                }
 #endif
                ret = EC_PARSE(ssl, input + offset, size, isRequest);
                break;