Commit fb0a105e25 for openssl.org
commit fb0a105e25c428e6f1fa16f0ce55f9f6934080f3
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Sat Feb 7 14:25:09 2026 +1100
Fix cross-version compatibility in RFC7919 changes
- Older versions of, e.g., the FIPS provider report the minimum
TLS version of the FFDHE groups as TLS 1.3, but we now need to
support these in TLS 1.2.
- Older OpenSSL runtimes may not be prepared to support the FFDHE groups
in TLS 1.2.
Therefore, instead of changing the default and FIPS providers to
advertise these groups as TLS 1.2 compatible, leave the capabilities
unchanged, and instead adjust the min(d)tls value when processing the
provider's capabilities in the new runtime.
This ensures cross-compatibility with everything except previous master
branch dev snapshots, but that's not a concern.
Fixes: #29958
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Feb 9 08:53:54 2026
(Merged from https://github.com/openssl/openssl/pull/29962)
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index e1521dc9d8..eb96627a67 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -80,11 +80,11 @@ static const TLS_GROUP_CONSTANTS group_list[] = {
/* 30 */ { OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
/* 31 */ { OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13, 192, TLS1_3_VERSION, 0, -1, -1, 0 },
/* 32 */ { OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13, 256, TLS1_3_VERSION, 0, -1, -1, 0 },
- /* 33 */ { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_VERSION, 0, -1, -1, 0 },
- /* 34 */ { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_VERSION, 0, -1, -1, 0 },
- /* 35 */ { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_VERSION, 0, -1, -1, 0 },
- /* 36 */ { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_VERSION, 0, -1, -1, 0 },
- /* 37 */ { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_VERSION, 0, -1, -1, 0 },
+ /* 33 */ { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_3_VERSION, 0, -1, -1, 0 },
+ /* 34 */ { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
+ /* 35 */ { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
+ /* 36 */ { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1, 0 },
+ /* 37 */ { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1, 0 },
/* 38 */ { OSSL_TLS_GROUP_ID_mlkem512, ML_KEM_512_SECBITS, TLS1_3_VERSION, 0, -1, -1, 1 },
/* 39 */ { OSSL_TLS_GROUP_ID_mlkem768, ML_KEM_768_SECBITS, TLS1_3_VERSION, 0, -1, -1, 1 },
/* 40 */ { OSSL_TLS_GROUP_ID_mlkem1024, ML_KEM_1024_SECBITS, TLS1_3_VERSION, 0, -1, -1, 1 },
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index aca0bc6398..cdf75bb22d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -327,6 +327,15 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
+
+ if (ginf->group_id >= OSSL_TLS_GROUP_ID_ffdhe2048
+ && ginf->group_id <= OSSL_TLS_GROUP_ID_ffdhe8192) {
+ if (ginf->mintls > TLS1_2_VERSION)
+ ginf->mintls = TLS1_VERSION;
+ if (DTLS_VERSION_GT(ginf->mindtls, DTLS1_2_VERSION))
+ ginf->mindtls = DTLS1_VERSION;
+ }
+
/*
* Now check that the algorithm is actually usable for our property query
* string. Regardless of the result we still return success because we have