ssl: Generate only one key_share entry (client)

Change default behavior to only send key_share entry for the most preferred group in ClientHello.
author: Péter Dimitrov <[email protected]> 2019-05-21 15:46:41 +0200
committer: Péter Dimitrov <[email protected]> 2019-05-21 15:54:43 +0200
commit: 8c55d3f17a88a919df1a86430b59f6d8fe816fb8 (patch)
tree: 45ef033eedd43002eab3eefd530f8ed769b91c26
parent: e69cc5de116420ee861dab9dca1481a2f32909d1 (diff)
download: otp-8c55d3f17a88a919df1a86430b59f6d8fe816fb8.tar.gz
otp-8c55d3f17a88a919df1a86430b59f6d8fe816fb8.tar.bz2
otp-8c55d3f17a88a919df1a86430b59f6d8fe816fb8.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 9c8c3b9352..aec58a27eb 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -1293,9 +1293,10 @@ maybe_generate_client_shares(#ssl_options{
                             versions = [Version|_],
                             supported_groups =
                                 #supported_groups{
-                                  supported_groups = Groups}})
+                                  supported_groups = [Group|_]}})
   when Version =:= {3,4} ->
-    ssl_cipher:generate_client_shares(Groups);
+    %% Generate only key_share entry for the most preferred group
+    ssl_cipher:generate_client_shares([Group]);
 maybe_generate_client_shares(_) ->
     undefined.
author	Péter Dimitrov <[email protected]>	2019-05-21 15:46:41 +0200
committer	Péter Dimitrov <[email protected]>	2019-05-21 15:54:43 +0200
commit	8c55d3f17a88a919df1a86430b59f6d8fe816fb8 (patch)
tree	45ef033eedd43002eab3eefd530f8ed769b91c26
parent	e69cc5de116420ee861dab9dca1481a2f32909d1 (diff)
download	otp-8c55d3f17a88a919df1a86430b59f6d8fe816fb8.tar.gz otp-8c55d3f17a88a919df1a86430b59f6d8fe816fb8.tar.bz2 otp-8c55d3f17a88a919df1a86430b59f6d8fe816fb8.zip