From 2bfabaab3a220f93bcea8e3d0212cd995a7776f6 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Sat, 11 Apr 2015 17:30:14 +0700
Subject: Remove overly strict check on ECC extensions
---
 crypto/src/crypto/tls/AbstractTlsServer.cs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'crypto/src')
diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs
index c3e250fd8..9f549cfd1 100644
--- a/crypto/src/crypto/tls/AbstractTlsServer.cs
+++ b/crypto/src/crypto/tls/AbstractTlsServer.cs
@@ -165,9 +165,13 @@ namespace Org.BouncyCastle.Crypto.Tls
 /*
 * RFC 4429 4. The client MUST NOT include these extensions in the ClientHello message if it
 * does not propose any ECC cipher suites.
+ *
+ * NOTE: This was overly strict as there may be ECC cipher suites that we don't recognize.
+ * Also, draft-ietf-tls-negotiated-ff-dhe will be overloading the 'elliptic_curves'
+ * extension to explicitly allow FFDHE (i.e. non-ECC) groups.
 */
- if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
- throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+ //if (!this.mEccCipherSuitesOffered && (this.mNamedCurves != null || this.mClientECPointFormats != null))
+ // throw new TlsFatalAlert(AlertDescription.illegal_parameter);
 }

 public virtual ProtocolVersion GetServerVersion()
-- 
cgit 1.5.1
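Review bot: The two commented-out lines at the end of this method leave the old check in the file as dead code; delete them and let the NOTE carry the rationale, for example with a single line such as `// Deliberately not enforced; see NOTE above.` With the guard gone, `mNamedCurves` and `mClientECPointFormats` can be non-null while `mEccCipherSuitesOffered` is false, so any later code that reads them (not visible in this hunk) should not treat their presence as proof that an ECC suite was offered, and should skip group values it does not recognise. The context comment cites "RFC 4429 4.", but the quoted sentence appears to come from RFC 4492 section 4, so the reference looks like a digit transposition worth correcting while this comment is being edited. The enclosing method starts outside the hunk.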