Recommit a better version of the removal of the F5 workaround - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2024-04-04 08:02:21 +0000
committer	tb <>	2024-04-04 08:02:21 +0000
commit	5833e6be811b874ec2bbc5731b548b270e6845a2 (patch)
tree	6c1e83cd7e12580772317468694668609bf9ceb6 /src/lib/libcrypto/man
parent	e8f02dfdf1f039627bc23fe657b3c87398ba6866 (diff)
download	openbsd-5833e6be811b874ec2bbc5731b548b270e6845a2.tar.gz openbsd-5833e6be811b874ec2bbc5731b548b270e6845a2.tar.bz2 openbsd-5833e6be811b874ec2bbc5731b548b270e6845a2.zip

Recommit a better version of the removal of the F5 workaround

Unlike for previous TLS versions, TLSv1.3 servers can send the supported groups extension to inform a client of the server's preferences. The intention is that a client can adapt for subsequent commits. We ignore this info for now, but sthen ran into java-based servers that do this. Thus, rejecting the extension outright was incorrect. Instead, only allow the extension in TLSv1.3 encrypted extensions. This way the F5 workaround is also disabled, but we continue to interoperate with TLSv1.3 servers that do follow the last paragraph of RFC 8446, section 4.2.7. This mostly adjusts outdated/misleading comments. ok jsing sthen

Diffstat (limited to 'src/lib/libcrypto/man')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: