diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cea8ab53a..f854ef1df 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1735,7 +1735,7 @@ static inline int mbedtls_ssl_named_group_is_ecdhe( uint16_t named_group ) * RFC 4492 section 5.1.1 */ return( named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_SECT163K1 && - named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1 ); + named_group < MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 ); } static inline int mbedtls_ssl_tls13_named_group_is_ecdhe( uint16_t named_group ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 691c0e7d5..b060e7b46 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6585,7 +6585,7 @@ run_test "Force a non ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ 0 \ - -C "client hello, adding supported_elliptic_curves extension" \ + -C "client hello, adding supported_groups extension" \ -C "client hello, adding supported_point_formats extension" \ -S "found supported elliptic curves extension" \ -S "found supported point formats extension" @@ -6609,7 +6609,7 @@ run_test "Force an ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 0 \ - -c "client hello, adding supported_elliptic_curves extension" \ + -c "client hello, adding supported_groups extension" \ -c "client hello, adding supported_point_formats extension" \ -s "found supported elliptic curves extension" \ -s "found supported point formats extension"