Send illegal_parameter alert rather than handshake_failure when the server tries to use a cipher suite that the client does not support. Fixes #9639.

This commit is contained in:
Kareem
2026-02-04 15:43:54 -07:00
parent 1e770e1a0f
commit eae22ab37d
+2 -2
View File
@@ -5497,8 +5497,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
suite[1] = ssl->options.cipherSuite;
if (!FindSuiteSSL(ssl, suite)) {
WOLFSSL_MSG("Cipher suite not supported on client");
WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR);
return MATCH_SUITE_ERROR;
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
return INVALID_PARAMETER;
}
#if defined(HAVE_ECH)