diff options
author | Jack Lloyd <[email protected]> | 2017-11-26 20:54:12 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-26 20:54:12 -0500 |
commit | d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (patch) | |
tree | 405f760c63e8a56e6a005f566289c6caa0ba1585 /src/tests/data/tls-policy/compat.txt | |
parent | 37bfb85f612ad380686540f50c6fc5d3d3cccbc7 (diff) |
Fix errors caught with tlsfuzzer
Don't send EC point format extension in server hello unless an EC
suite was negotiated *and* the client sent the extension.
Fix server FFDHE logic, this effectively disabled DHE ciphersuites
for clients without FFDHE extension.
Use unexpected_message alert in case of an unexpected message.
(Previously an internal_error alert was sent.)
Diffstat (limited to 'src/tests/data/tls-policy/compat.txt')
-rw-r--r-- | src/tests/data/tls-policy/compat.txt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt index 1890b12b5..39564b51b 100644 --- a/src/tests/data/tls-policy/compat.txt +++ b/src/tests/data/tls-policy/compat.txt @@ -17,6 +17,7 @@ key_exchange_methods = CECPQ1 ECDH DH RSA ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 allow_insecure_renegotiation = false include_time_in_hello_random = true +allow_client_initiated_renegotiation = true allow_server_initiated_renegotiation = false hide_unknown_users = false server_uses_own_ciphersuite_preferences = true |