From 8c55d3f17a88a919df1a86430b59f6d8fe816fb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Tue, 21 May 2019 15:46:41 +0200
Subject: ssl: Generate only one key_share entry (client)

Change default behavior to only send key_share entry for the most
preferred group in ClientHello.
---
 lib/ssl/src/tls_connection.erl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 9c8c3b9352..aec58a27eb 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -1293,9 +1293,10 @@ maybe_generate_client_shares(#ssl_options{
                             versions = [Version|_],
                             supported_groups =
                                 #supported_groups{
-                                  supported_groups = Groups}})
+                                  supported_groups = [Group|_]}})
   when Version =:= {3,4} ->
-    ssl_cipher:generate_client_shares(Groups);
+    %% Generate only key_share entry for the most preferred group
+    ssl_cipher:generate_client_shares([Group]);
 maybe_generate_client_shares(_) ->
     undefined.
 
-- 
cgit v1.2.3