diff options
author | Jack Lloyd <[email protected]> | 2018-02-08 08:44:48 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-02-13 07:48:56 -0500 |
commit | 9abd3b8ac7927c40082e4e2956bdce7f5254fdea (patch) | |
tree | cb95e6d91165c0c8541286dc2de4e4b57ac7289f | |
parent | 2a9e0a9cd5aacdb74cb12e0faaa9f8f5342549c7 (diff) |
Fix server use of EC point format extension
In the resumption case it would use that extension for any ECC ciphersuite,
but is only allowed to do so if the client sent the extension.
-rw-r--r-- | src/lib/tls/msg_server_hello.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 2d5a185f0..223bddde5 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -121,7 +121,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, m_extensions.add(new Encrypt_then_MAC); } - if(resumed_session.ciphersuite().ecc_ciphersuite()) + if(resumed_session.ciphersuite().ecc_ciphersuite() && client_hello.extension_types().count(TLSEXT_EC_POINT_FORMATS)) { m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression())); } |