Merge pull request #3895 from SparkiDev/no_dhe_psk_fix

TLS 1.3 PSK no DHE: When not doing PSK don't allow noPskDheKe to be set
2025-07-29 18:27:29 +02:00 · 2021-03-19 14:02:43 -07:00
parent 19c321f165 e7472384c2
commit fc2dff0af6
1 changed files with 3 additions and 0 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -4212,6 +4212,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
    }

    if (!usingPSK) {
+        /* Not using PSK so don't require no KE. */
+        ssl->options.noPskDheKe = 0;
+
 #ifndef NO_CERTS
        if (TLSX_Find(ssl->extensions, TLSX_KEY_SHARE) == NULL) {
            WOLFSSL_MSG("Client did not send a KeyShare extension");