Re: Enforcing group / key_share order in TLS1.3

On 2020-01-13 11:23:35 [+0000], Matt Caswell wrote:
> The current behaviour is that the first key share we see that also
> exists in our supported groups list is the one that we use. There isn't
> a way at the moment to configure things in order to specify a preference
> order.
> 
> https://github.com/openssl/openssl/blob/bbe486cf6154df3d3aaedbae6c5b82d4ed31a5f8/ssl/statem/extensions_srvr.c#L662-L720

Okay so there isn't a knob yet. Thank you for confirming.

> It wouldn't be too difficult to amend the above logic to select the key
> share that is highest in the server's supported group list. But that
> would be a new feature and wouldn't be backported to 1.1.1.
> 
> PRs to make that change welcome.

Thanks, done.

> Matt
> 
Sebastian
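
The two selection policies discussed in this message, side by side, as an added example that is not part of the original e-mail and is not OpenSSL's code. The function names, the use of 0 as a "no match" return value and the sample lists are assumptions made for illustration; the group IDs are the IANA TLS NamedGroup code points.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS NamedGroup code points (IANA registry). */
#define GRP_SECP256R1 0x0017
#define GRP_SECP384R1 0x0018
#define GRP_X25519    0x001D

/* Hypothetical helper: position of `group` in `list`, or -1 if absent. */
static int index_of(const uint16_t *list, size_t n, uint16_t group)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == group)
            return (int)i;
    return -1;
}

/* Behaviour described in the thread: walk the client's key shares in the
 * order received; the first one that is also in the server's supported
 * groups list wins. Returns 0 (assumed "no match" marker) if none fits. */
uint16_t pick_first_client_share(const uint16_t *shares, size_t ns,
                                 const uint16_t *srv, size_t nsrv)
{
    for (size_t i = 0; i < ns; i++)
        if (index_of(srv, nsrv, shares[i]) >= 0)
            return shares[i];
    return 0;
}

/* Proposed behaviour: walk the server's supported groups in preference
 * order; the first one the client sent a key share for wins. */
uint16_t pick_server_preferred_share(const uint16_t *shares, size_t ns,
                                     const uint16_t *srv, size_t nsrv)
{
    for (size_t i = 0; i < nsrv; i++)
        if (index_of(shares, ns, srv[i]) >= 0)
            return srv[i];
    return 0;
}

int main(void)
{
    /* Constructed sample: client sends P-256 first, server lists X25519 first. */
    const uint16_t shares[] = { GRP_SECP256R1, GRP_X25519 };
    const uint16_t srv[]    = { GRP_X25519, GRP_SECP384R1, GRP_SECP256R1 };
    printf("first client share: 0x%04x\n", pick_first_client_share(shares, 2, srv, 3));
    printf("server preferred:   0x%04x\n", pick_server_preferred_share(shares, 2, srv, 3));
    return 0;
}
```

With the same inputs the two policies disagree: the client-order policy settles on secp256r1 even though the server lists X25519 first, which is the gap a preference knob would close.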