diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-09 12:12:56 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-03-23 20:51:34 +0100 |
commit | 3495f992b8b4cd50f1136edcc2f66b53e701980d (patch) | |
tree | 71413dc70e61e09515124d19c90bcf5bc13a9a2a /lib/gnutls_int.h | |
parent | 72441365445ee41795710a4685d784d20aef38be (diff) | |
download | gnutls-3495f992b8b4cd50f1136edcc2f66b53e701980d.tar.gz |
_gnutls_supported_ecc_recv_params: take into account precedence
That is, when %SERVER_PRECEDENCE is given in the priority string make
sure that the negotiated curve of DH group respects the server's priorities.
That's very relevant under TLS1.3 as ciphersuite negotiation itself, where
%SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC
unlike TLS1.2 which included key exchange as well.
Resolves #378
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/gnutls_int.h')
-rw-r--r-- | lib/gnutls_int.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 1d75c4a09f..e926b3d0fe 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1272,9 +1272,12 @@ typedef struct { * receive size */ unsigned max_recv_size; - /* candidate groups to be selected for security params groups */ + /* candidate groups to be selected for security params groups, they are + * prioritized in isolation under TLS1.2 */ const gnutls_group_entry_st *cand_ec_group; const gnutls_group_entry_st *cand_dh_group; + /* used under TLS1.3+ */ + const gnutls_group_entry_st *cand_group; /* the ciphersuite received in HRR */ uint8_t hrr_cs[2]; |