openssl/ssl
Matt Caswell e609a4565f Fix supported_groups handing in TLSv1.2
In TLSv1.2 we should not attempt to use a supported_group value that is
intended for use with TLSv1.3 - even if both the server and the client
support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but
not for TLSv1.2.

Fixes #21081

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21274)
2023-06-27 10:50:08 +01:00
..
quic Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams 2023-06-23 14:31:45 +02:00
record Fix typos found by codespell 2023-06-15 10:11:46 +10:00
statem Don't ask for an invalid group in an HRR 2023-06-23 14:14:59 +01:00
bio_ssl.c
build.info
d1_lib.c dtls: code cleanup and refactorization 2023-04-24 14:41:47 +02:00
d1_msg.c
d1_srtp.c
event_queue.c
methods.c
pqueue.c
priority_queue.c
s3_enc.c
s3_lib.c Add SSL_get0_group_name() to get name of the group used for KEX 2023-06-06 17:03:41 +02:00
s3_msg.c
ssl_asn1.c
ssl_cert_comp.c
ssl_cert_table.h
ssl_cert.c Fix regression of no-posix-io builds 2023-04-25 11:32:20 +02:00
ssl_ciph.c Fix typo in ssl_ciph.c 2023-04-13 10:28:08 +01:00
ssl_conf.c
ssl_err_legacy.c
ssl_err.c QUIC MSST: make update 2023-05-12 14:47:13 +01:00
ssl_init.c
ssl_lib.c Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams 2023-06-23 14:31:45 +02:00
ssl_local.h Add SSL_get0_group_name() to get name of the group used for KEX 2023-06-06 17:03:41 +02:00
ssl_mcnf.c
ssl_rsa_legacy.c
ssl_rsa.c
ssl_sess.c Clear ownership when duplicating sessions 2023-05-12 10:23:29 +02:00
ssl_stat.c
ssl_txt.c
ssl_utst.c
sslerr.h
t1_enc.c
t1_lib.c Fix supported_groups handing in TLSv1.2 2023-06-27 10:50:08 +01:00
t1_trce.c Fix an SSL_trace bug 2023-05-24 12:18:33 +01:00
tls13_enc.c
tls_depr.c
tls_srp.c