Merge pull request #538 from gstarovo/dev

fix: point extension control only up to tls 1.2 (#538)
tlsfuzzer · Jan 2, 2025 · 5c20543 · 5c20543
2 parents c9f61d3 + efcf1e2
commit 5c20543
Showing 1 changed file with 14 additions and 13 deletions.
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -3437,19 +3437,20 @@ def _serverGetClientHello(self, settings, private_key, cert_chain,
                 yield result
 
         # sanity check the ec point formats extension
-        ecExt = clientHello.getExtension(ExtensionType.ec_point_formats)
-        if ecExt:
-            if not ecExt.formats:
-                for result in self._sendError(
-                        AlertDescription.decode_error,
-                        "Empty ec_point_formats extension"):
-                    yield result
-            if ECPointFormat.uncompressed not in ecExt.formats:
-                for result in self._sendError(
-                        AlertDescription.illegal_parameter,
-                        "Client sent ec_point_formats extension "
-                        "without uncompressed format"):
-                    yield result
+        if real_version <= (3, 3):
+            ecExt = clientHello.getExtension(ExtensionType.ec_point_formats)
+            if ecExt:
+                if not ecExt.formats:
+                    for result in self._sendError(
+                            AlertDescription.decode_error,
+                            "Empty ec_point_formats extension"):
+                        yield result
+                if ECPointFormat.uncompressed not in ecExt.formats:
+                    for result in self._sendError(
+                            AlertDescription.illegal_parameter,
+                            "Client sent ec_point_formats extension "
+                            "without uncompressed format"):
+                        yield result
 
         # sanity check the TLS 1.3 extensions
         ver_ext = clientHello.getExtension(ExtensionType.supported_versions)