Revision - 4264ecd - Don't offer or accept ciphersuites that we can't support

Revision 4264ecd4cebf7cee4bd437f1739e9f4297ae5b70 authored by Matt Caswell on 01 May 2020, 08:17:40 UTC, committed by Matt Caswell on 06 May 2020, 10:49:59 UTC

Don't offer or accept ciphersuites that we can't support

We were not correctly detecting whether TLSv1.3 ciphersuites could
actually be supported by the available provider implementations. For
example a FIPS client would still offer CHACHA20-POLY1305 based
ciphersuites even though it couldn't actually use them. Similarly on
the server would try to use CHACHA20-POLY1305 and then fail the
handshake.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11700)

1 parent 15dd075

Files
Changes

Permalinks

README

Developer files
===============

Here are all kinds of things that an OpenSSL developer might need or
might choose to use.  Some of them demand access to OpenSSL's
infrastructure, others are simply practical.

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...