From 2d8b7ac8985416a209683e6f602d04f226e48620 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 20 Jul 2022 16:21:43 +0200 Subject: [PATCH] TLS 1.3: Fix selected key exchange mode check ECDHE operations have to be done in ephemeral and PSK-ephemeral key exchange mode, not just ephemeral key exhange mode. Signed-off-by: Ronald Cron --- library/ssl_tls13_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 51743bb395..aeaeb3dd9c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1237,7 +1237,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) * client_handshake_traffic_secret and server_handshake_traffic_secret * are derived in the handshake secret derivation stage. */ - if( mbedtls_ssl_tls13_ephemeral_enabled( ssl ) ) + if( mbedtls_ssl_tls13_some_ephemeral_enabled( ssl ) ) { if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) ) {