diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2015-04-11 17:30:14 +0700 |
|---|---|---|
| committer | Jeffrey Stedfast <jeff@xamarin.com> | 2015-05-07 10:16:28 -0400 |
| commit | 14d36be3439b7a93ab97ec4f61f08236ee00b2ad (patch) | |
| tree | ee84c8fb8485c6fe426f790ce3b6c73a6af7320e | |
| parent | Merge branch 'master' into vs2010 (diff) | |
| download | BouncyCastle.NET-ed25519-14d36be3439b7a93ab97ec4f61f08236ee00b2ad.tar.xz | |
Remove overly strict check on ECC extensions
| -rw-r--r-- | crypto/src/crypto/tls/AbstractTlsServer.cs | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs index c3e250fd8..9f549cfd1 100644 --- a/crypto/src/crypto/tls/AbstractTlsServer.cs +++ b/crypto/src/crypto/tls/AbstractTlsServer.cs @@ -165,9 +165,13 @@ namespace Org.BouncyCastle.Crypto.Tls /* * RFC 4429 4. The client MUST NOT include these extensions in the ClientHello message if it * does not propose any ECC cipher suites. + * + * NOTE: This was overly strict as there may be ECC cipher suites that we don't recognize. + * Also, draft-ietf-tls-negotiated-ff-dhe will be overloading the 'elliptic_curves' + * extension to explicitly allow FFDHE (i.e. non-ECC) groups. */ - if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null)) - throw new TlsFatalAlert(AlertDescription.illegal_parameter); + //if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null)) + // throw new TlsFatalAlert(AlertDescription.illegal_parameter); } public virtual ProtocolVersion GetServerVersion() |