crypto/tls: pick the first group the client sent a key share for
Fixes NCC-2016-002
This commit is contained in:
Filippo Valsorda
Peter Wu
parent
831410a948
commit
3e31621f57
3
13.go
3
13.go
@ -31,11 +31,12 @@ func (hs *serverHandshakeState) doTLS13Handshake() error {
|
|||||||
// that the client provided a keyShare for, so to avoid a round-trip.
|
// that the client provided a keyShare for, so to avoid a round-trip.
|
||||||
// After that the order of CurvePreferences is respected.
|
// After that the order of CurvePreferences is respected.
|
||||||
var ks keyShare
|
var ks keyShare
|
||||||
|
CurvePreferenceLoop:
|
||||||
for _, curveID := range config.curvePreferences() {
|
for _, curveID := range config.curvePreferences() {
|
||||||
for _, keyShare := range hs.clientHello.keyShares {
|
for _, keyShare := range hs.clientHello.keyShares {
|
||||||
if curveID == keyShare.group {
|
if curveID == keyShare.group {
|
||||||
ks = keyShare
|
ks = keyShare
|
||||||
break
|
break CurvePreferenceLoop
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user