diff options
| author | beck <> | 2024-03-27 22:27:09 +0000 | 
|---|---|---|
| committer | beck <> | 2024-03-27 22:27:09 +0000 | 
| commit | f5455377d8db89c93a97bd92588ba5a5e5f169b3 (patch) | |
| tree | 68bd1157c64daf7ea2cfbb0c6ca2d70bba0a9769 /src/lib/libssl/ssl23.h | |
| parent | ddf23e9f98c2df931e1bb028e49b3087001d98cc (diff) | |
| download | openbsd-f5455377d8db89c93a97bd92588ba5a5e5f169b3.tar.gz openbsd-f5455377d8db89c93a97bd92588ba5a5e5f169b3.tar.bz2 openbsd-f5455377d8db89c93a97bd92588ba5a5e5f169b3.zip | |
Fix up server processing of key shares.
Ensure that the client can not provide a duplicate key share
for any group, or send more key shares than groups they support.
Ensure that the key shares must be provided in the same order
as the client preference order specified in supported_groups.
Ensure we only will choose to use a key share that is for the
most preferred group by the client that we also support,
to avoid the client being downgraded by sending a less preferred
key share. If we do not end up with a key share for the most preferred
mutually supported group, will then do a hello retry request
selecting that group.
Add regress for this to regress/tlsext/tlsexttest.c
ok jsing@
Diffstat (limited to 'src/lib/libssl/ssl23.h')
0 files changed, 0 insertions, 0 deletions
