Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable (6f54ae7a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit 6f54ae7a authored Oct 19, 2018 by

Matt Caswell

Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable



TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit de4dc598)

parent 61e78e7a

Hide whitespace changes

Inline Side-by-side

Please register or to comment