Revision - 6f54ae7 - Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable – ENEA Mirror of the Software Heritage archive

Revision 6f54ae7a9079983ea51593d4a91699d14a9c9a99 authored by Matt Caswell on 19 October 2018, 13:01:22 UTC, committed by Matt Caswell on 12 November 2018, 11:19:58 UTC

Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable

TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit de4dc598024fd0a9c2b7a466fd5323755d369522)

1 parent 61e78e7

Files
Changes

Permalinks

.travis-apt-pin.preferences

Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1

Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1

Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1

Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...