aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/data/tls-policy/compat.txt
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-11-26 20:54:12 -0500
committerJack Lloyd <[email protected]>2017-11-26 20:54:12 -0500
commitd2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (patch)
tree405f760c63e8a56e6a005f566289c6caa0ba1585 /src/tests/data/tls-policy/compat.txt
parent37bfb85f612ad380686540f50c6fc5d3d3cccbc7 (diff)
Fix errors caught with tlsfuzzer
Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
Diffstat (limited to 'src/tests/data/tls-policy/compat.txt')
-rw-r--r--src/tests/data/tls-policy/compat.txt1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt
index 1890b12b5..39564b51b 100644
--- a/src/tests/data/tls-policy/compat.txt
+++ b/src/tests/data/tls-policy/compat.txt
@@ -17,6 +17,7 @@ key_exchange_methods = CECPQ1 ECDH DH RSA
ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
allow_insecure_renegotiation = false
include_time_in_hello_random = true
+allow_client_initiated_renegotiation = true
allow_server_initiated_renegotiation = false
hide_unknown_users = false
server_uses_own_ciphersuite_preferences = true