Add a comment about ServerHello.supported_groups.

In TLS 1.2 and below, the server is not supposed to echo it, but I just came across a BigIP server which does. Document this so we know to take care before trying to flip it in the future. (It's actually kind of odd that it wasn't allowed to be sent given TLS 1.2 makes supported_groups interact with ECDSA client certificates. Ah well.) Change-Id: I4b97266f461e85bb1ad9bb935470e027f926d4df Reviewed-on: https://boringssl-review.googlesource.com/10320 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>
2016-08-12 15:50:48 -04:00 · 2016-08-12 15:50:48 -04:00 · 4ac2dc4c0d
commit 4ac2dc4c0d
parent aa24851515
1 changed files with 2 additions and 1 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -2193,7 +2193,8 @@ static int ext_supported_groups_add_clienthello(SSL *ssl, CBB *out) {

 static int ext_supported_groups_parse_serverhello(SSL *ssl, uint8_t *out_alert,
                                                  CBS *contents) {
-  /* This extension is not expected to be echoed by servers and is ignored. */
+  /* This extension is not expected to be echoed by servers in TLS 1.2, but some
+   * BigIP servers send it nonetheless, so do not enforce this. */
  return 1;
 }