Fix errors caught with tlsfuzzer

Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
author: Jack Lloyd <[email protected]> 2017-11-26 20:54:12 -0500
committer: Jack Lloyd <[email protected]> 2017-11-26 20:54:12 -0500
commit: d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (patch)
tree: 405f760c63e8a56e6a005f566289c6caa0ba1585 /src/tests/data
parent: 37bfb85f612ad380686540f50c6fc5d3d3cccbc7 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt
index 1890b12b5..39564b51b 100644
--- a/src/tests/data/tls-policy/compat.txt
+++ b/src/tests/data/tls-policy/compat.txt
@@ -17,6 +17,7 @@ key_exchange_methods = CECPQ1 ECDH DH RSA
 ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
+allow_client_initiated_renegotiation = true
 allow_server_initiated_renegotiation = false
 hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
author	Jack Lloyd <[email protected]>	2017-11-26 20:54:12 -0500
committer	Jack Lloyd <[email protected]>	2017-11-26 20:54:12 -0500
commit	d2f84e5670df96dc2f8e15b7fd5cd7cc32ca7283 (patch)
tree	405f760c63e8a56e6a005f566289c6caa0ba1585 /src/tests/data
parent	37bfb85f612ad380686540f50c6fc5d3d3cccbc7 (diff)