authorPeter Dettman <peter.dettman@bouncycastle.org>2015-04-11 17:30:14 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2015-04-11 17:30:14 +0700
commit2bfabaab3a220f93bcea8e3d0212cd995a7776f6 (patch)
treec34d5af1d157b00ae4049c13e55afd88fcbeb5d5
parentUpdate version to 1.8.0-RC.1 prior to release (diff)
downloadBouncyCastle.NET-ed25519-2bfabaab3a220f93bcea8e3d0212cd995a7776f6.tar.xz
Remove overly strict check on ECC extensions
-rw-r--r--crypto/src/crypto/tls/AbstractTlsServer.cs8
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs
index c3e250fd8..9f549cfd1 100644
--- a/crypto/src/crypto/tls/AbstractTlsServer.cs
+++ b/crypto/src/crypto/tls/AbstractTlsServer.cs
@@ -165,9 +165,13 @@ namespace Org.BouncyCastle.Crypto.Tls
             /*
              * RFC 4429 4. The client MUST NOT include these extensions in the ClientHello message if it
              * does not propose any ECC cipher suites.
+             * 
+             * NOTE: This was overly strict as there may be ECC cipher suites that we don't recognize.
+             * Also, draft-ietf-tls-negotiated-ff-dhe will be overloading the 'elliptic_curves'
+             * extension to explicitly allow FFDHE (i.e. non-ECC) groups.
              */
-            if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
-                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            //if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
+            //    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
         }
 
         public virtual ProtocolVersion GetServerVersion()
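Review bot: The relaxed check is left behind as two commented-out lines at the end of the hunk, which reads like a guard that was switched off temporarily rather than a deliberate protocol decision. Deleting them and letting the NOTE carry the rationale would be clearer, for example by closing the comment with `* The server therefore accepts these extensions even when no recognized ECC cipher suite was offered.` The unchanged comment line above cites `RFC 4429`, but the quoted rule comes from the TLS ECC cipher suite document, RFC 4492 section 4, so the reference is worth correcting while this comment is being edited. With the alert gone, `mNamedCurves` and `mClientECPointFormats` can be non-null while `mEccCipherSuitesOffered` is false; code that reads those fields later presumably has to tolerate that combination, which should be confirmed since the enclosing method starts outside this hunk.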