artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9a1b633) | patch
Fix TLS key share check to not fire when using < TLS 1.3
authorbeck <beck@openbsd.org>
Tue, 9 Jul 2024 12:27:27 +0000 (12:27 +0000)
committerbeck <beck@openbsd.org>
Tue, 9 Jul 2024 12:27:27 +0000 (12:27 +0000)
commite80243f4649a7a44f100ecb0836ff7dab34ab401
treedb66ee2c6920530349bb369e8549f5d82c13a8f4tree | snapshot
parent9a1b63306b54acc2b7bb05537bf1d13afc76209acommit | diff
Fix TLS key share check to not fire when using < TLS 1.3

The check was being too aggressive and was catching us when the
extension was being sent by a client which supports tls 1.3 but
the server was capped at TLS 1.2. This moves the check after the
max version check, so we won't error out if we do not support
TLS 1.3

Reported by obsd@bartula.de

ok tb@
lib/libssl/ssl_tlsext.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim