CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/05/29 11:28:37
Modified files:
lib/libssl : ssl_tlsext.c
Log message:
Relax parsing of TLS key share extensions on the server.
The RFC does not require X25519 and it also allows clients to send an empty
key share when the want the server to select a group. The current behaviour
results in handshake failures where the client supports TLS 1.3 and sends a
TLS key share extension that does not contain X25519.
Issue reported by Hubert Kario via github.
ok tb@
