Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't ask for an invalid group in an HRR #21163

Closed
wants to merge 4 commits into from
Closed

Don't ask for an invalid group in an HRR #21163

wants to merge 4 commits into from

Commits on Jun 9, 2023

  1. Don't ask for an invalid group in an HRR 

    If the client sends us a group in a key_share that is in our
supported_groups list but is otherwise not suitable (e.g. not compatible
with TLSv1.3) we reject it. We should not ask for that same group again
in a subsequent HRR.

Fixes openssl#21157
    @mattcaswell
    mattcaswell committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    68270f1 View commit details
    Browse the repository at this point in the history

  2. Add a test for an invalid group in the HRR 

    Test that if the client sends a key share for a group in the server's
supported_group list but is otherwise invalid, that we don't select it
in the HRR.
    @mattcaswell
    mattcaswell committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    fc26f41 View commit details
    Browse the repository at this point in the history

  3. fixup! Add a test for an invalid group in the HRR

    @mattcaswell
    mattcaswell committed Jun 9, 2023
    Configuration menu
    Copy the full SHA
    35afe2a View commit details
    Browse the repository at this point in the history

Commits on Jun 16, 2023

  1. fixup! Add a test for an invalid group in the HRR

    @mattcaswell
    mattcaswell committed Jun 16, 2023
    Configuration menu
    Copy the full SHA
    f3e3a8a View commit details
    Browse the repository at this point in the history