tls-crypto: Don't filter suites with specific ECDH group if any is available
Since DH groups (or with TLS < 1.3 curves) are negotiated separately, it doesn't matter which one is listed in the cipher suite as any one could be used.
parent
85bde019d3
commit
311405c34d
|
@ -837,8 +837,10 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset,
|
|||
}
|
||||
if (current.dh && current.dh != suites[i].dh)
|
||||
{
|
||||
if (suites[i].dh != MODP_NONE)
|
||||
{ /* skip DH group, does not match nor NONE */
|
||||
if (suites[i].dh != MODP_NONE &&
|
||||
!(diffie_hellman_group_is_ec(current.dh) &&
|
||||
diffie_hellman_group_is_ec(suites[i].dh)))
|
||||
{ /* skip DH group, does not match nor NONE nor both ECDH */
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
|
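Review bot: The relaxed condition on `suites[i].dh` keeps every ECDHE suite as soon as `current.dh` is any EC group, so this filter no longer constrains which curve is used. A configured curve restriction therefore has to be enforced where the group itself is negotiated, and that code is not visible in this hunk. I would record that dependency next to the check, for example `/* any EC group keeps ECDHE suites: the curve is negotiated separately, so group restrictions must be enforced there */`. It is also worth confirming with a test that a configuration allowing a single curve still rejects a peer that offers only a different one. `filter_suite` starts and ends outside the hunk, so how `current` is populated is inferred from the visible lines only.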