CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2020/01/23 03:40:59
Modified files:
lib/libssl : s3_lib.c ssl_lib.c ssl_locl.h tls13_lib.c
Log message:
Correctly handle TLSv1.3 ciphers suites in ssl3_choose_cipher().
Currently, TLSv1.3 cipher suites are filtered out by the fact that
they have authentication and key exchange algorithms that are not
being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher()
works for TLSv1.3, however we also now need to ensure that we filter out
TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3.
ok beck@ tb@
