No common ciphersuit when FFDHE and ECDHE ciphersuites are available on server and client using TLS 1.2

[Taowyoo]

Bug description

When FFDHE and ECDHE ciphersuites are available on server and client when common version is TLS 1.2. Server will fail to choose common ciphersuite.

See:

rustls/rustls/src/server/hs.rs

Lines 479 to 482 in fb67f01

	// And key exchange groups
	&& (!ecdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::ECDHE))
	&& (!ffdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE))
	});

It is obvious that no suite cannot support DHE and ECDHE KeyExchangeAlgorithm at same time when ecdhe_possible and ffdhe_possible are true.

Need backport

versions:

• 0.23

[Taowyoo]

Created PR for fixing this: #1861

Notice, you could produce the error by revertting the fix code in src and run

cargo test --test api_ffdhe server_avoids_cipher_suite_with_no_common_kx_groups

[djc]

Is this a regression (presumably from #1784), or has this been broken since the introduction of FFDHE support?

[Taowyoo]

@djc After testing, it's a regression from #1784.
My testing branch:

• https://github.com/fortanix/rustls/tree/yx/test-dhe
• https://github.com/fortanix/rustls/tree/yx/test-dhe-after-1784

[ctz]

https://crates.io/crates/rustls/0.23.3 was released yesterday containing the fix for this.