aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/msg_client_hello.cpp16
-rw-r--r--src/lib/tls/msg_server_hello.cpp11
-rw-r--r--src/lib/tls/tls_extensions.cpp11
-rw-r--r--src/lib/tls/tls_extensions.h3
4 files changed, 26 insertions, 15 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 50c83c10c..2a42e1144 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -116,10 +116,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression())
- {
- m_extensions.add(new Supported_Point_Formats());
- }
+ if(!policy.allowed_ecc_curves().empty())
+ {
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+ }
if(m_version.supports_negotiable_signature_algorithms())
m_extensions.add(new Signature_Algorithms(policy.allowed_signature_hashes(),
@@ -165,10 +165,10 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_extensions.add(new Session_Ticket(session.session_ticket()));
m_extensions.add(new Supported_Elliptic_Curves(policy.allowed_ecc_curves()));
- if(!policy.allowed_ecc_curves().empty() && policy.use_ecc_point_compression())
- {
- m_extensions.add(new Supported_Point_Formats());
- }
+ if(!policy.allowed_ecc_curves().empty())
+ {
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+ }
if(session.supports_encrypt_then_mac())
m_extensions.add(new Encrypt_then_MAC);
diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp
index d13bc7551..3e8a8dda9 100644
--- a/src/lib/tls/msg_server_hello.cpp
+++ b/src/lib/tls/msg_server_hello.cpp
@@ -43,11 +43,11 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
}
- if(c.ecc_ciphersuite() && policy.use_ecc_point_compression())
+ if(c.ecc_ciphersuite())
{
- m_extensions.add(new Supported_Point_Formats());
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
}
-
+
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
@@ -107,6 +107,11 @@ Server_Hello::Server_Hello(Handshake_IO& io,
m_extensions.add(new Encrypt_then_MAC);
}
+ if(resumed_session.ciphersuite().ecc_ciphersuite())
+ {
+ m_extensions.add(new Supported_Point_Formats(policy.use_ecc_point_compression()));
+ }
+
if(client_hello.secure_renegotiation())
m_extensions.add(new Renegotiation_Extension(reneg_info));
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index f8eef5ac6..712527fc4 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -384,10 +384,15 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader,
std::vector<byte> Supported_Point_Formats::serialize() const
{
- // if we send this extension, we prefer compressed points,
- // otherwise we don't send it (which is equal to supporting only uncompressed)
// if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1)
- return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED};
+ if(m_prefers_compressed)
+ {
+ return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED};
+ }
+ else
+ {
+ return std::vector<byte>{1, UNCOMPRESSED};
+ }
}
Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader,
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index d69e40a60..119170797 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -276,7 +276,8 @@ class Supported_Point_Formats final : public Extension
std::vector<byte> serialize() const override;
- explicit Supported_Point_Formats() : m_prefers_compressed(true) {}
+ explicit Supported_Point_Formats(bool prefer_compressed) :
+ m_prefers_compressed(prefer_compressed) {}
Supported_Point_Formats(TLS_Data_Reader& reader,
u16bit extension_size);