Set the kex modes on the client too.
authorMatt Caswell <matt@openssl.org>
Thu, 19 Jan 2017 10:07:50 +0000 (10:07 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 30 Jan 2017 10:18:21 +0000 (10:18 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

ssl/statem/extensions_clnt.c

index 8c66332..1e6eddf 100644 (file)
@@ -516,6 +516,8 @@ int tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt, X509 *x,
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, ERR_R_INTERNAL_ERROR);
         return 0;
     }
+
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE;
 #endif
 
     return 1;