aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-02-08 08:44:48 -0500
committerJack Lloyd <[email protected]>2018-02-13 07:48:56 -0500
commit9abd3b8ac7927c40082e4e2956bdce7f5254fdea (patch)
treecb95e6d91165c0c8541286dc2de4e4b57ac7289f
parent2a9e0a9cd5aacdb74cb12e0faaa9f8f5342549c7 (diff)
Fix server use of EC point format extension
In the resumption case it would use that extension for any ECC ciphersuite, but is only allowed to do so if the client sent the extension.
-rw-r--r--src/lib/tls/msg_server_hello.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index 2d5a185f0..223bddde5 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -121,7 +121,7 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
}
- if(resumed_session.ciphersuite().ecc_ciphersuite())
+ if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS))
{
m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
}