crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension #49126
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What did you do?
Per rfc8422#section-5.1.2,
We are seeing TLS handshake failure (client and server failed to agree on ECDHE_ECDSA key exchange algorithem) when
ec_point_formats
is missing because we expect it to be listed in tls/handshake_server.goWhat did you expect to see?
If
ec_point_formats
is missing in ClientHello, we will allow ECDHE key exchanges becauseit means that only the uncompressed point format is supported
The text was updated successfully, but these errors were encountered: