Relax parsing of TLS key share extensions on the server. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2019-05-29 17:28:37 +0000
committer	jsing <>	2019-05-29 17:28:37 +0000
commit	734d7963cd6029acc2d48de2f7466ffb952c8e32 (patch)
tree	66cfbf2c2533e3e9b8d0dc387eae2b801aa4d60f /src/lib/libc/stdlib
parent	cd734a6c65835c49bfbc800aa0a3e3fa251f5d5d (diff)
download	openbsd-734d7963cd6029acc2d48de2f7466ffb952c8e32.tar.gz openbsd-734d7963cd6029acc2d48de2f7466ffb952c8e32.tar.bz2 openbsd-734d7963cd6029acc2d48de2f7466ffb952c8e32.zip

Relax parsing of TLS key share extensions on the server.

The RFC does not require X25519 and it also allows clients to send an empty key share when the want the server to select a group. The current behaviour results in handshake failures where the client supports TLS 1.3 and sends a TLS key share extension that does not contain X25519. Issue reported by Hubert Kario via github. ok tb@

Diffstat (limited to 'src/lib/libc/stdlib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: