crypto/tls: server responds with HRR even if there is no overlap between key_share and supported_groups #65686
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Go version
go version go1.21.6 linux/amd64
Output of
go env
in your module/workspace:What did you do?
crypto/tls
, following the instructionPYTHONPATH=. python ./scripts/test-tls13-obsolete-curves.py --relaxed -a handshake_failure 'secp192r1 in key_share and secp256r1 in supported_groups (inconsistent extensions)'
)What did you see happen?
The server responds with a HelloRetryRequest.
What did you expect to see?
The server should abort the handshake with illegal_parameter alert, as suggested in RFC 8446 4.2.8:
As this is a "MAY", it might not be a strict requirement for servers though.
The text was updated successfully, but these errors were encountered: