Send "supported_groups" in encrypted extensions #375
Conversation
Adds the requirement from RFC 8446 section 4.2.7: If the server has a group it prefers to the ones in the "key_share" extension but is still willing to accept the ClientHello, it SHOULD send "supported_groups" to update the client's view of its preferences; this extension SHOULD contain all groups the server supports, regardless of whether they are currently supported by the client.
Replaces current verification with a more specific one to comply with RFC 8446 section 4.2.8: If using (EC)DHE key establishment and a HelloRetryRequest containing a "key_share" extension was received by the client, the client MUST verify that the selected NamedGroup in the ServerHello is the same as that in the HelloRetryRequest. If this check fails, the client MUST abort the handshake with an "illegal_parameter" alert.
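Both rules quoted above, as an added worked example that is not hs-tls code and uses none of its types: a small Python model in which the server decides whether to put "supported_groups" into EncryptedExtensions (section 4.2.7), and the client validates the group chosen by a HelloRetryRequest and then by the ServerHello (section 4.2.8). Function names, the `ClientState` record and the server's selection policy in `run_scenario` (pick the most preferred group with a client share, otherwise HelloRetryRequest for the most preferred group the client lists) are assumptions made for the example; the NamedGroup code points are the RFC's. The group lists in `__main__` are constructed inputs.

```python
"""Added example (not hs-tls code): a self-contained model of the RFC 8446 rules
in this PR, server side (section 4.2.7) and client side (section 4.2.8), run on
constructed group lists instead of a real handshake."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# NamedGroup code points from RFC 8446 section 4.2.7.
SECP256R1 = 0x0017
SECP384R1 = 0x0018
X25519 = 0x001D
X448 = 0x001E

ILLEGAL_PARAMETER = "illegal_parameter"  # alert the client sends when a check fails


def server_encrypted_extensions(server_groups: List[int], selected: int) -> Dict[str, List[int]]:
    """EncryptedExtensions content (as a dict). server_groups is in preference
    order; when the group used for (EC)DHE is not the first choice, send
    "supported_groups" with every server group, unfiltered by the client's list."""
    if selected not in server_groups:
        raise ValueError("server selected a group it does not support")
    exts: Dict[str, List[int]] = {}
    if server_groups[0] != selected:
        exts["supported_groups"] = list(server_groups)
    return exts


@dataclass
class ClientState:
    supported_groups: List[int]       # groups in the client's "supported_groups"
    key_shares_sent: List[int]        # groups for which a key share was sent
    hrr_group: Optional[int] = None   # group demanded by a HelloRetryRequest, if any


def client_check_hello_retry_request(state: ClientState, hrr_group: int) -> Optional[str]:
    """RFC 8446 4.2.8: the group in an HRR "key_share" must have been offered in
    "supported_groups" and must not already have a share. On success the state
    reflects the second ClientHello, which carries one share for hrr_group."""
    if hrr_group not in state.supported_groups or hrr_group in state.key_shares_sent:
        return ILLEGAL_PARAMETER
    state.hrr_group = hrr_group
    state.key_shares_sent = [hrr_group]
    return None


def client_check_server_hello(state: ClientState, selected: int) -> Optional[str]:
    """The looser check only asks whether the group is supported. The stricter one
    from this PR also requires that a key share was sent for it and, after an
    HRR, that it is the group the HRR asked for. Returns an alert or None."""
    if selected not in state.supported_groups or selected not in state.key_shares_sent:
        return ILLEGAL_PARAMETER
    if state.hrr_group is not None and selected != state.hrr_group:
        return ILLEGAL_PARAMETER
    return None


def check_after_hrr(client_groups, client_shares, hrr_group, server_hello_group) -> Optional[str]:
    """Client side of HRR followed by ServerHello; returns the first alert, if any."""
    state = ClientState(list(client_groups), list(client_shares))
    return (client_check_hello_retry_request(state, hrr_group)
            or client_check_server_hello(state, server_hello_group))


def run_scenario(server_groups, client_groups, client_shares) -> Dict[str, object]:
    """One constructed handshake. The modelled server uses its most preferred
    group that has a client share; with none, it sends an HRR for its most
    preferred group the client lists. Records selection, EE and any alert."""
    state = ClientState(list(client_groups), list(client_shares))
    usable = [g for g in server_groups if g in client_shares]
    if usable:
        selected = usable[0]
    else:
        offered = [g for g in server_groups if g in client_groups]
        if not offered:
            return {"outcome": "no_common_group"}
        selected = offered[0]
        alert = client_check_hello_retry_request(state, selected)
        if alert:
            return {"outcome": "hrr_rejected", "alert": alert}
    alert = client_check_server_hello(state, selected)
    if alert:
        return {"outcome": "server_hello_rejected", "alert": alert, "selected": selected}
    return {"outcome": "accepted", "selected": selected, "hrr": state.hrr_group,
            "ee": server_encrypted_extensions(server_groups, selected)}


if __name__ == "__main__":
    # Constructed scenarios; in the second the server used X25519 although it
    # prefers X448, so "supported_groups" appears in EncryptedExtensions.
    print(run_scenario([X25519, SECP256R1], [X25519, SECP256R1], [X25519]))
    print(run_scenario([X448, X25519], [X25519, SECP256R1], [X25519]))
    print(run_scenario([SECP384R1], [X25519, SECP384R1], [X25519]))
    print(check_after_hrr([X25519, SECP384R1], [X25519], SECP384R1, X25519))
```

The last call is the case the second paragraph of the description is about: after a HelloRetryRequest for secp384r1 the client only holds a share for that group, so a ServerHello that names x25519, although x25519 is in the client's supported list, is answered with illegal_parameter rather than accepted by the older "is it supported" check.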
I would like to have test cases for this feature.
There is no user feature. What aspect do you think should be tested?
I was thinking of a normal scenario based on parameters selected by hand, not generated by QuickCheck. In this case, we should check that the server surely sends
@ocheron Are you planning to add a test case? Or would you like to merge this PR as is?
Yes I will add a test case with
So I added
Now LGTM
Thank you
When the group selected is not the one preferred by the server it is possible to send this extension.
On the client side, we can also control not only that the group received is supported by the client, but that this is the same group for which the key share was sent.