wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Disallow SupportedGroups in ServerHello for TLS 1.3

Browse Source 
But allowed when downgrading to TLS 1.2.
This commit is contained in:
Sean Parkinson
2019-02-04 08:58:17 +10:00
parent c080050c80
commit b7179c2a54
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/tls.c
View File

@@ -9654,6 +9654,11 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
msgType == encrypted_extensions) { msgType == encrypted_extensions) {
return EXT_NOT_ALLOWED; return EXT_NOT_ALLOWED;
} }
else if (IsAtLeastTLSv1_3(ssl->ctx->method->version) &&
msgType == server_hello &&
!ssl->options.downgrade) {
return EXT_NOT_ALLOWED;
}
#endif #endif
ret = EC_PARSE(ssl, input + offset, size, isRequest); ret = EC_PARSE(ssl, input + offset, size, isRequest);
break; break;