summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_cbc.c
diff options
context:
space:
mode:
authorbeck <>2024-03-27 22:27:09 +0000
committerbeck <>2024-03-27 22:27:09 +0000
commitf5455377d8db89c93a97bd92588ba5a5e5f169b3 (patch)
tree68bd1157c64daf7ea2cfbb0c6ca2d70bba0a9769 /src/lib/libssl/s3_cbc.c
parentddf23e9f98c2df931e1bb028e49b3087001d98cc (diff)
downloadopenbsd-f5455377d8db89c93a97bd92588ba5a5e5f169b3.tar.gz
openbsd-f5455377d8db89c93a97bd92588ba5a5e5f169b3.tar.bz2
openbsd-f5455377d8db89c93a97bd92588ba5a5e5f169b3.zip
Fix up server processing of key shares.
Ensure that the client can not provide a duplicate key share for any group, or send more key shares than groups they support. Ensure that the key shares must be provided in the same order as the client preference order specified in supported_groups. Ensure we only will choose to use a key share that is for the most preferred group by the client that we also support, to avoid the client being downgraded by sending a less preferred key share. If we do not end up with a key share for the most preferred mutually supported group, will then do a hello retry request selecting that group. Add regress for this to regress/tlsext/tlsexttest.c ok jsing@
Diffstat (limited to 'src/lib/libssl/s3_cbc.c')
0 files changed, 0 insertions, 0 deletions