Check for kECDH with extensions.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 30 Jun 2015 15:39:41 +0000 (16:39 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 30 Jul 2015 13:43:35 +0000 (14:43 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/t1_lib.c

index f5575e0..a91e152 100644 (file)
@@ -1157,7 +1157,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
 
             alg_k = c->algorithm_mkey;
             alg_a = c->algorithm_auth;
-            if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)
+            if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)
                  || (alg_a & SSL_aECDSA))) {
                 using_ecc = 1;
                 break;