Fix incompatability with (some) common TLS stack

Several sites including oracle.com seem to send extension 11
(point format) even if we (the client) did not send it. Then the
handshake fails. To workaround this problem, simply always send this
extension as the client, instead of only sending it if we wished to
support compressed points.

1 files changed, 8 insertions, 3 deletions

diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index d13bc7551..3e8a8dda9 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -43,11 +43,11 @@ Server_Hello::Server_Hello(Handshake_IO& io,
          m_extensions.add(new Encrypt_then_MAC);
       }
 
-   if(c.ecc_ciphersuite() && policy.use_ecc_point_compression())
+   if(c.ecc_ciphersuite())
       {
-      m_extensions.add(new Supported_Point_Formats());
+      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
       }
-      
+
    if(client_hello.secure_renegotiation())
       m_extensions.add(new Renegotiation_Extension(reneg_info));
 
@@ -107,6 +107,11 @@ Server_Hello::Server_Hello(Handshake_IO& io,
          m_extensions.add(new Encrypt_then_MAC);
       }
 
+   if(resumed_session.ciphersuite().ecc_ciphersuite())
+      {
+      m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+      }
+
    if(client_hello.secure_renegotiation())
       m_extensions.add(new Renegotiation_Extension(reneg_info));