Don't False Start with DHE.
BUG=460271
Change-Id: Ic233511114012149e4a1074470c16bd9f701cf5a
Reviewed-on: https://boringssl-review.googlesource.com/4192
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d070e82..ce90f4d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2895,14 +2895,12 @@
int ssl3_can_false_start(const SSL *s) {
const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);
- /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or
- * NPN. */
+ /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
return !SSL_IS_DTLS(s) &&
SSL_version(s) >= TLS1_2_VERSION &&
(s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
cipher != NULL &&
- (cipher->algorithm_mkey == SSL_kEDH ||
- cipher->algorithm_mkey == SSL_kEECDH) &&
+ cipher->algorithm_mkey == SSL_kEECDH &&
(cipher->algorithm_enc == SSL_AES128GCM ||
cipher->algorithm_enc == SSL_AES256GCM ||
cipher->algorithm_enc == SSL_CHACHA20POLY1305);