Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable (de4dc598) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL · GitLab

Commit de4dc598 authored Oct 19, 2018 by

Matt Caswell

Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable



TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

parent 42503613

Hide whitespace changes

Inline Side-by-side

admin_forge @etsi-cti-admin
mentioned in commit 6f54ae7a
· Jun 19, 2019

mentioned in commit 6f54ae7a

mentioned in commit 6f54ae7a9079983ea51593d4a91699d14a9c9a99

Toggle commit list

Please register or to comment