openssl/ssl
Matt Caswell e609a4565f Fix supported_groups handing in TLSv1.2
In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.

Fixes #21081

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
2023-06-27 10:50:08 +01:00
..
quic Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams 2023-06-23 14:31:45 +02:00
record Fix typos found by codespell 2023-06-15 10:11:46 +10:00
statem Don't ask for an invalid group in an HRR 2023-06-23 14:14:59 +01:00
bio_ssl.c Add BIO poll descriptors 2023-01-13 13:20:14 +00:00
build.info Revise build.info 2023-03-30 11:14:17 +01:00
d1_lib.c dtls: code cleanup and refactorization 2023-04-24 14:41:47 +02:00
d1_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
d1_srtp.c SSL object refactoring using SSL_CONNECTION object 2022-07-28 10:04:28 +01:00
event_queue.c Make OSSL_TIME a structure 2022-08-12 15:44:01 +01:00
methods.c Update some inclusions of <openssl/macros.h> 2019-11-07 11:37:25 +01:00
pqueue.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
priority_queue.c compute_pqueue_growth(): Fix the return type 2023-01-27 16:11:38 +01:00
s3_enc.c Extend the new_record_layer function 2023-01-24 17:16:29 +00:00
s3_lib.c Add SSL_get0_group_name() to get name of the group used for KEX 2023-06-06 17:03:41 +02:00
s3_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
ssl_asn1.c RFC7250 (RPK) support 2023-03-28 13:49:54 -04:00
ssl_cert_comp.c Add zlib oneshot compression 2022-11-07 11:23:13 +01:00
ssl_cert_table.h first cut at sigalg loading 2023-02-24 11:02:48 +11:00
ssl_cert.c Fix regression of no-posix-io builds 2023-04-25 11:32:20 +02:00
ssl_ciph.c Fix typo in ssl_ciph.c 2023-04-13 10:28:08 +01:00
ssl_conf.c SSL_conf_cmd: add support for IgnoreUnexpectedEOF 2023-01-30 09:37:00 +01:00
ssl_err_legacy.c Update copyright year 2021-06-17 13:24:59 +01:00
ssl_err.c QUIC MSST: make update 2023-05-12 14:47:13 +01:00
ssl_init.c err: get rid of err_free_strings_int() 2022-05-10 09:47:54 +02:00
ssl_lib.c Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams 2023-06-23 14:31:45 +02:00
ssl_local.h Add SSL_get0_group_name() to get name of the group used for KEX 2023-06-06 17:03:41 +02:00
ssl_mcnf.c SSL: refactor all SSLfatal() calls 2020-11-11 12:12:23 +01:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c first cut at sigalg loading 2023-02-24 11:02:48 +11:00
ssl_sess.c Clear ownership when duplicating sessions 2023-05-12 10:23:29 +02:00
ssl_stat.c Add support for compressed certificates (RFC8879) 2022-10-18 09:30:22 -04:00
ssl_txt.c Cast values to match printf format strings. 2022-11-14 07:47:53 +00:00
ssl_utst.c Remove the old buffer management code 2022-10-20 14:39:33 +01:00
sslerr.h Provide better errors for some QUIC failures 2023-03-20 09:35:38 +11:00
t1_enc.c Extend the new_record_layer function 2023-01-24 17:16:29 +00:00
t1_lib.c Fix supported_groups handing in TLSv1.2 2023-06-27 10:50:08 +01:00
t1_trce.c Fix an SSL_trace bug 2023-05-24 12:18:33 +01:00
tls13_enc.c Add an initial QUIC-TLS implementation 2023-01-24 17:16:29 +00:00
tls_depr.c SSL object refactoring using SSL_CONNECTION object 2022-07-28 10:04:28 +01:00
tls_srp.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00