CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2020/01/23 03:40:59
Modified files: lib/libssl : s3_lib.c ssl_lib.c ssl_locl.h tls13_lib.c Log message: Correctly handle TLSv1.3 ciphers suites in ssl3_choose_cipher(). Currently, TLSv1.3 cipher suites are filtered out by the fact that they have authentication and key exchange algorithms that are not being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher() works for TLSv1.3, however we also now need to ensure that we filter out TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3. ok beck@ tb@