projects / strongswan.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
tls-crypto: Don't filter suites with specific ECDH group if any is available
[strongswan.git] / src / libtls / tls_crypto.c
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 07d5ce7..d7faa4e 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -837,8 +837,10 @@ static void filter_suite(suite_algs_t suites[], int *count, int offset,
                        }
                        if (current.dh && current.dh != suites[i].dh)
                        {
-                               if (suites[i].dh != MODP_NONE)
-                               {       /* skip DH group, does not match nor NONE */
+                               if (suites[i].dh != MODP_NONE &&
+                                       !(diffie_hellman_group_is_ec(current.dh) &&
+                                         diffie_hellman_group_is_ec(suites[i].dh)))
+                               {       /* skip DH group, does not match nor NONE nor both ECDH */
                                        continue;
                                }
                        }
strongSwan - IPsec VPN