authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-07-03 11:45:31 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-07-07 08:26:47 +0200
commit6ca5787e2027a163eee5f85b36e8e0fe24fd6a53 (patch)
tree2290ebf5697ffabf19a9db7805cb81c517e1d74e
parent8ac40fc096570da555fd7bf7e66c508be9a9e9bf (diff)
downloadgnutls-6ca5787e2027a163eee5f85b36e8e0fe24fd6a53.tar.gz
_gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2
Under TLS1.3 there is no requirement to return insufficient security depending on the FFDHE group negotiation. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/algorithms/ciphersuites.c2
-rw-r--r--tests/psk-file.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index ac1fdf9f41..4e840bdd8b 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1581,7 +1581,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
* incompatible certificate which we traditionally return GNUTLS_E_INSUFFICIENT_SECURITY.
*/
if (!no_cert_found && (session->internals.hsk_flags & HSK_HAVE_FFDHE) &&
- session->internals.priorities->groups.have_ffdhe)
+ session->internals.priorities->groups.have_ffdhe && !version->tls13_sem)
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
else
return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
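Review bot: The comment block ending just above the condition still describes only the RFC 7919 / incompatible-certificate rationale for GNUTLS_E_INSUFFICIENT_SECURITY and says nothing about the new `!version->tls13_sem` term, so a reader of the resulting code cannot tell why TLS 1.3 falls through to GNUTLS_E_NO_CIPHER_SUITES. I would extend that comment with a line such as `* Under TLS1.3 semantics the RFC7919 rule does not apply, so fall back to GNUTLS_E_NO_CIPHER_SUITES.` so the error-code choice is documented where the check lives. The hunk does not show where `version` is obtained; if it can be NULL on this path (the function starts and ends outside the hunk, so I cannot confirm), the new dereference needs the same guard the earlier code uses before reaching it.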
diff --git a/tests/psk-file.c b/tests/psk-file.c
index e1e058ffe9..5bd01e42ce 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -381,7 +381,7 @@ void doit(void)
"NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:%SERVER_PRECEDENCE:-GROUP-DH-ALL",
"jas", &key, 0, GNUTLS_KX_PSK, 0, 0);
/* try with PRF that doesn't match binder (SHA256) */
- run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, "jas", &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_SECURITY);
+ run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, "jas", &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_CIPHER_SUITES);
/* try with no groups and PSK */
run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-GROUP-ALL", "jas", &key, 0, 0);
/* try without any groups but DHE-PSK */
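Review bot: Only the TLS 1.3 expectation is updated here, so nothing in this commit pins the behaviour it deliberately keeps, namely that the same FFDHE/no-suite situation under TLS 1.2 still yields GNUTLS_E_INSUFFICIENT_SECURITY; if no such case exists elsewhere in tests/psk-file.c (outside this hunk, so I cannot tell), a companion `run_test2` with `-VERS-ALL:+VERS-TLS1.2` expecting GNUTLS_E_INSUFFICIENT_SECURITY would guard the split. The comment on the changed line, `/* try with PRF that doesn't match binder (SHA256) */`, also no longer says why the expected server error is now GNUTLS_E_NO_CIPHER_SUITES rather than GNUTLS_E_INSUFFICIENT_SECURITY; appending `; under TLS1.3 the RFC7919 insufficient-security rule does not apply` would make the expectation self-explanatory. The enclosing `doit` function starts and ends outside the hunk.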