summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorTobias Heider <tobhe@cvs.openbsd.org>2021-10-12 10:02:00 +0000
committerTobias Heider <tobhe@cvs.openbsd.org>2021-10-12 10:02:00 +0000
commite485a94a98a67eb3bdbfd5bdccb8c0f301bf9882 (patch)
tree18596c6135d03dada48054026df5db8dc57381af /sys
parent85d4e994fb2d7a79a137508db85120226fc9922a (diff)
Change responder to prefer DH group from KE payload.
Without this change the responder would always prefer the first DH group configured in its policy. This would lead to invalid KE messages that cause an additional exchange which old implementations do not support correctly. Now we ignore the order of DH groups in the policy and prefer the group from the policy that matches the KE payload. from markus@ ok patrick@
Diffstat (limited to 'sys')
0 files changed, 0 insertions, 0 deletions