crypto/tls: send ec_points_format extension in ServerHello

Follow the recommandation from RFC 8422, section 5.1.2 of sending back the ec_points_format extension when requested by the client. This is to fix some clients declining the handshake if omitted. Fixes #31943 Change-Id: I7b04dbac6f9af75cda094073defe081e1e9a295d Reviewed-on: https://go-review.googlesource.com/c/go/+/176418 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Olivier Poitrey <rs@rhapsodyk.net> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2025-12-08 06:10:04 +00:00 · 2019-05-09 17:31:34 -07:00 · 2019-05-09 17:31:34 -07:00 · 02a5502ab8
commit 02a5502ab8
parent 54697702e4
39 changed files with 2497 additions and 2371 deletions
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@ -196,6 +196,15 @@ Curves:
 	}
 	hs.ecdhOk = supportedCurve && supportedPointFormat

+	if supportedPointFormat {
+		// Although omiting the ec_point_formats extension is permitted, some
+		// old OpenSSL version will refuse to handshake if not present.
+		//
+		// Per RFC 4492, section 5.1.2, implementations MUST support the
+		// uncompressed point format. See golang.org/issue/31943.
+		hs.hello.supportedPoints = []uint8{pointFormatUncompressed}
+	}
+
 	foundCompression := false
 	// We only support null compression, so check that the client offered it.
 	for _, compression := range hs.clientHello.compressionMethods {