Relax parsing of TLS key share extensions on the server. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2019-05-29 17:28:37 +0000
committer	jsing <>	2019-05-29 17:28:37 +0000
commit	611703507e5a4b9de58cf05b58dbc23925de8d2d (patch)
tree	66cfbf2c2533e3e9b8d0dc387eae2b801aa4d60f /src/lib/libc/stdlib/realpath.c
parent	2214ddcdafdaaba29c0539cecf71267cc591193d (diff)
download	openbsd-611703507e5a4b9de58cf05b58dbc23925de8d2d.tar.gz openbsd-611703507e5a4b9de58cf05b58dbc23925de8d2d.tar.bz2 openbsd-611703507e5a4b9de58cf05b58dbc23925de8d2d.zip

Relax parsing of TLS key share extensions on the server.

The RFC does not require X25519 and it also allows clients to send an empty key share when the want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@

Diffstat (limited to 'src/lib/libc/stdlib/realpath.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: