Add a comment about ServerHello.supported_groups. In TLS 1.2 and below, the server is not supposed to echo it, but I just came across a BigIP server which does. Document this so we know to take care before trying to flip it in the future. (It's actually kind of odd that it wasn't allowed to be sent given TLS 1.2 makes supported_groups interact with ECDSA client certificates. Ah well.) Change-Id: I4b97266f461e85bb1ad9bb935470e027f926d4df Reviewed-on: https://boringssl-review.googlesource.com/10320 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>

commit: 4ac2dc4c0d48ca45da4f66c40e60d6b425fa94a3 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Aug 12 15:50:48 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Fri Aug 12 20:21:39 2016 +0000
tree: 3e5ba5f9bbe7d74b514e86f64f0a69b30ac85e8b
parent: aa24851515d6280aa1d6a8b1548fe74691df3136 [diff]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5e790a4..bb345b4 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -2193,7 +2193,8 @@
 
 static int ext_supported_groups_parse_serverhello(SSL *ssl, uint8_t *out_alert,
                                                   CBS *contents) {
-  /* This extension is not expected to be echoed by servers and is ignored. */
+  /* This extension is not expected to be echoed by servers in TLS 1.2, but some
+   * BigIP servers send it nonetheless, so do not enforce this. */
   return 1;
 }
commit	4ac2dc4c0d48ca45da4f66c40e60d6b425fa94a3	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Aug 12 15:50:48 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Fri Aug 12 20:21:39 2016 +0000
tree	3e5ba5f9bbe7d74b514e86f64f0a69b30ac85e8b
parent	aa24851515d6280aa1d6a8b1548fe74691df3136 [diff]