We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When FFDHE and ECDHE ciphersuites are available on server and client when common version is TLS 1.2. Server will fail to choose common ciphersuite.
See:
rustls/rustls/src/server/hs.rs
Lines 479 to 482 in fb67f01
It is obvious that no suite cannot support DHE and ECDHE KeyExchangeAlgorithm at same time when ecdhe_possible and ffdhe_possible are true.
ecdhe_possible
ffdhe_possible
versions:
The text was updated successfully, but these errors were encountered:
Created PR for fixing this: #1861
Notice, you could produce the error by revertting the fix code in src and run
src
cargo test --test api_ffdhe server_avoids_cipher_suite_with_no_common_kx_groups
Sorry, something went wrong.
Is this a regression (presumably from #1784), or has this been broken since the introduction of FFDHE support?
@djc After testing, it's a regression from #1784. My testing branch:
https://crates.io/crates/rustls/0.23.3 was released yesterday containing the fix for this.
No branches or pull requests
Bug description
When FFDHE and ECDHE ciphersuites are available on server and client when common version is TLS 1.2. Server will fail to choose common ciphersuite.
See:
rustls/rustls/src/server/hs.rs
Lines 479 to 482 in fb67f01
It is obvious that no suite cannot support DHE and ECDHE KeyExchangeAlgorithm at same time when
ecdhe_possible
andffdhe_possible
are true.Need backport
versions:
The text was updated successfully, but these errors were encountered: