diff options
author | Tobias Heider <tobhe@cvs.openbsd.org> | 2021-10-12 10:02:00 +0000 |
---|---|---|
committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2021-10-12 10:02:00 +0000 |
commit | e485a94a98a67eb3bdbfd5bdccb8c0f301bf9882 (patch) | |
tree | 18596c6135d03dada48054026df5db8dc57381af /sys | |
parent | 85d4e994fb2d7a79a137508db85120226fc9922a (diff) |
Change responder to prefer DH group from KE payload.
Without this change the responder would always prefer the first DH
group configured in its policy. This would lead to invalid KE
messages that cause an additional exchange which old
implementations do not support correctly. Now we ignore the order
of DH groups in the policy and prefer the group from the policy
that matches the KE payload.
from markus@
ok patrick@
Diffstat (limited to 'sys')
0 files changed, 0 insertions, 0 deletions