openssl/ssl
Matt Caswell 6f54ae7a90 Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit de4dc59802)
2018-11-12 11:19:58 +00:00
record Properly handle duplicated messages from the next epoch 2018-10-26 14:28:18 +01:00
statem Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable 2018-11-12 11:19:58 +00:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info
d1_lib.c Buffer a ClientHello with a cookie received via DTLSv1_listen 2018-10-19 14:29:52 +01:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Update copyright year 2018-04-17 15:18:40 +02:00
packet_locl.h Update copyright year 2018-09-11 13:45:17 +01:00
pqueue.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
s3_cbc.c Fix tls_cbc_digest_record is slow using SHA-384 and short messages 2018-10-19 08:32:44 +10:00
s3_enc.c ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac. 2018-10-12 21:04:49 +02:00
s3_lib.c Fix a mem leak on error in the PSK code 2018-08-30 09:50:29 +08:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c Don't use OPENSSL_strdup() for copying alpn_selected 2018-06-21 11:07:45 +01:00
ssl_cert.c Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. 2018-11-10 21:30:27 +01:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c ssl/ssl_ciph.c: make set_ciphersuites static 2018-09-18 09:33:09 +02:00
ssl_conf.c Add the ability to configure anti-replay via SSL_CONF 2018-07-02 15:06:12 +01:00
ssl_err.c Fix some TLSv1.3 alert issues 2018-07-31 09:31:50 +01:00
ssl_init.c Fix setting of ssl_strings_inited. 2018-08-07 15:08:03 -04:00
ssl_lib.c Fix return formatting. 2018-11-06 07:09:00 +10:00
ssl_locl.h Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable 2018-11-12 11:19:58 +00:00
ssl_mcnf.c Move the loading of the ssl_conf module to libcrypto 2018-04-05 15:30:12 +01:00
ssl_rsa.c Update copyright year 2018-03-20 13:08:46 +00:00
ssl_sess.c ssl/*: switch to switch to Thread-Sanitizer-friendly primitives. 2018-08-07 09:08:23 +02:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Address coverity-reported NULL dereference in SSL_SESSION_print() 2018-07-01 18:20:11 -05:00
ssl_utst.c
t1_enc.c Ensure that we write out alerts correctly after early_data 2018-08-08 10:16:58 +01:00
t1_lib.c Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable 2018-11-12 11:19:58 +00:00
t1_trce.c Fix ssl/t1_trce.c to parse certificate chains 2018-09-01 08:58:42 +08:00
tls13_enc.c Reduce stack usage in tls13_hkdf_expand 2018-09-24 16:01:48 +02:00
tls_srp.c Use the private RNG for data that is not public 2018-04-02 22:22:43 +02:00