TLS1.3 FFDHE Support

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8178)
author: raja-ashok <rashok.svks@gmail.com> 2019-01-25 21:04:49 +0530
committer: Matt Caswell <matt@openssl.org> 2019-06-12 10:18:34 +0100
commit: 9aaecbfc98eb89a03f72b35d343e08f377e7803a (patch)
tree: 4f025a6064a0f8f654a486d9ef6be6c9fcb8b2cf /ssl/statem/extensions_srvr.c
parent: a03749a8f14c397f57ef956650f5db5da6523595 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index d107af3f87..37f5819346 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1424,7 +1424,8 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
     for (i = 0; i < numgroups; i++) {
         uint16_t group = groups[i];
 
-        if (tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
+        if (tls_valid_group(s, group, SSL_version(s))
+                && tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
             if (first) {
                 /*
                  * Check if the client is already using our preferred group. If
author	raja-ashok <rashok.svks@gmail.com>	2019-01-25 21:04:49 +0530
committer	Matt Caswell <matt@openssl.org>	2019-06-12 10:18:34 +0100
commit	9aaecbfc98eb89a03f72b35d343e08f377e7803a (patch)
tree	4f025a6064a0f8f654a486d9ef6be6c9fcb8b2cf /ssl/statem/extensions_srvr.c
parent	a03749a8f14c397f57ef956650f5db5da6523595 (diff)