tls-server: Support HelloRetryRequest (HRR)
author Pascal Knecht <pascal.knecht@hsr.ch>
Sat, 26 Sep 2020 11:17:43 +0000 (13:17 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 13:35:23 +0000 (14:35 +0100)
commit c3e71324682a14ffb25c54566bc09d610562ce9b
tree d83f1f52dbac2f80d830a50074f9b8df3eeae9a7
parent e53bee9dbea3c0d64253914da1d4b36165dce595
tls-server: Support HelloRetryRequest (HRR)

Adds support to request and handle retries with a different DH group.

Only the first key share extension sent by the client is currently
considered, so this might result in protocol errors if the server requests
a group for which the client already sent a key share.
src/libtls/tls_server.c
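
The limitation noted in the commit message matters because RFC 8446 (section 4.2.8) requires a client to abort with `illegal_parameter` when a HelloRetryRequest selects a group it already sent a key share for. The sketch below is an added example, not code from this commit or from libtls: it walks every KeyShareEntry before deciding between accepting a share and requesting a retry. All function names are hypothetical, and preferring any usable offered share over a retry is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { KS_ACCEPT, KS_SEND_HRR, KS_FAIL } ks_result_t;
/* Constructed sample key_share body: x25519, secp256r1, dummy 1-byte keys. */
static const uint8_t SAMPLE_EXT[] = {0, 10, 0, 0x1d, 0, 1, 0xaa, 0, 0x17, 0, 1, 0xbb};

static int has(const uint16_t *set, size_t n, uint16_t g)
{
	while (n && set[n - 1] != g)
		n--;
	return n != 0;
}

/* Collect the group of every KeyShareEntry; -1 if malformed or more than max. */
static int share_groups(const uint8_t *e, size_t len, uint16_t *out, size_t max)
{
	size_t pos = 2, n = 0;
	if (len < 2 || (size_t)(e[0] << 8 | e[1]) != len - 2)
		return -1;
	while (pos < len) {
		if (len - pos < 4 || n == max)
			return -1;
		size_t klen = (size_t)(e[pos + 2] << 8 | e[pos + 3]);
		if (klen == 0 || klen > len - pos - 4)
			return -1;
		out[n++] = (uint16_t)(e[pos] << 8 | e[pos + 1]);
		pos += 4 + klen;
	}
	return (int)n;
}

/* ext: ClientHello key_share body; cg: client supported_groups; sp: server prefs. */
ks_result_t select_group(const uint8_t *ext, size_t len, const uint16_t *cg,
		size_t ncg, const uint16_t *sp, size_t nsp, uint16_t *sel)
{
	uint16_t sh[16];
	int n = share_groups(ext, len, sh, 16);
	if (n < 0)
		return KS_FAIL;
	/* pass 0: accept any offered share; pass 1: retry with a share-less group */
	for (int pass = 0; pass < 2; pass++)
		for (size_t i = 0; i < nsp; i++)
			if (has(cg, ncg, sp[i]) && (pass || has(sh, (size_t)n, sp[i]))) {
				*sel = sp[i];
				return pass ? KS_SEND_HRR : KS_ACCEPT;
			}
	return KS_FAIL;
}
```

With the sample input and a server that prefers secp256r1 (0x0017), the second entry is accepted directly, where a first-entry-only check would have requested a retry for a group the client had already offered.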