diff options
author | Matt Caswell <matt@openssl.org> | 2020-06-11 16:47:50 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-19 10:19:32 +0100 |
commit | e09f8d256f60fd0af62e510f3eaab9e9936f3a6a (patch) | |
tree | f1509677ab89454ef56812a7d66389dd3a698b3d /ssl | |
parent | db9592c1f723841586960912c387a925e4547a26 (diff) |
Don't send supported groups if no-ec and we're doing DTLS
The supported_groups extension only supported EC groups in DTLS.
Therefore we shouldn't send it in a no-ec build.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index dbdedad1ab..abff069ec9 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -211,7 +211,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, } #if defined(OPENSSL_NO_EC) - if (max_version < TLS1_3_VERSION) + if (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION) return EXT_RETURN_NOT_SENT; #else if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION) |