@@ -78,6 +78,16 @@ protected String getDetailMessageNoCipherSuite()
7878 return "No selectable cipher suite" ;
7979 }
8080
81+ protected int getMaximumDefaultCurveBits ()
82+ {
83+ return NamedGroup .getCurveBits (NamedGroup .secp521r1 );
84+ }
85+
86+ protected int getMaximumDefaultFiniteFieldBits ()
87+ {
88+ return NamedGroup .getFiniteFieldBits (NamedGroup .ffdhe8192 );
89+ }
90+
8191 protected int getMaximumNegotiableCurveBits ()
8292 {
8393 int maxBits = 0 ;
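Review bot: The two protected hooks added at new lines 81-89, `getMaximumDefaultCurveBits()` and `getMaximumDefaultFiniteFieldBits()`, have no Javadoc, although they are extension points that fix the strength the server assumes it can deliver when the client sends no usable supported_groups. The later hunks wire them into `getMaximumNegotiableCurveBits()` and `getMaximumNegotiableFiniteFieldBits()`. A subclass that narrows `selectECDHDefault` or `selectDHDefault` (their bodies are not visible here) presumably has to override the matching hook too, or suite selection may assume a group size the default selector will not return. I would add a comment such as `/** Upper bound, in bits, of the curve selectECDHDefault may pick; override both together. */` and the FFDHE equivalent on the second method.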
@@ -96,7 +106,7 @@ protected int getMaximumNegotiableCurveBits()
96106 * extensions. In this case, the server is free to choose any one of the elliptic curves or point
97107 * formats [...].
98108 */
99- maxBits = NamedGroup . getMaximumCurveBits ();
109+ maxBits = getMaximumDefaultCurveBits ();
100110 }
101111 return maxBits ;
102112 }
@@ -121,7 +131,7 @@ protected int getMaximumNegotiableFiniteFieldBits()
121131 * entirely or contains no FFDHE groups (i.e., no codepoints between 256 and 511, inclusive), then
122132 * the server [...] MAY select an FFDHE cipher suite and offer an FFDHE group of its choice [...].
123133 */
124- maxBits = NamedGroup . getMaximumFiniteFieldBits ();
134+ maxBits = getMaximumDefaultFiniteFieldBits ();
125135 }
126136 return maxBits ;
127137 }
@@ -153,22 +163,32 @@ protected boolean selectCipherSuite(int cipherSuite) throws IOException
153163
154164 protected int selectDH (int minimumFiniteFieldBits )
155165 {
166+ boolean anyPeerFF = false ;
156167 int [] clientSupportedGroups = context .getSecurityParametersHandshake ().getClientSupportedGroups ();
157- if (clientSupportedGroups == null )
158- {
159- return selectDHDefault (minimumFiniteFieldBits );
160- }
161-
162- // Try to find a supported named group of the required size from the client's list.
163- for (int i = 0 ; i < clientSupportedGroups .length ; ++i )
168+ if (clientSupportedGroups != null )
164169 {
165- int namedGroup = clientSupportedGroups [ i ];
166- if ( NamedGroup . getFiniteFieldBits ( namedGroup ) >= minimumFiniteFieldBits )
170+ // Try to find a supported named group of the required size from the client's list.
171+ for ( int i = 0 ; i < clientSupportedGroups . length ; ++ i )
167172 {
168- return namedGroup ;
173+ int namedGroup = clientSupportedGroups [i ];
174+ anyPeerFF |= NamedGroup .isFiniteField (namedGroup );
175+
176+ if (NamedGroup .getFiniteFieldBits (namedGroup ) >= minimumFiniteFieldBits )
177+ {
178+ // This default server implementation supports all NamedGroup finite fields
179+ return namedGroup ;
180+ }
169181 }
170182 }
171-
183+ if (!anyPeerFF )
184+ {
185+ /*
186+ * RFC 7919 4. If [...] the Supported Groups extension is either absent from the ClientHello
187+ * entirely or contains no FFDHE groups (i.e., no codepoints between 256 and 511, inclusive), then
188+ * the server [...] MAY select an FFDHE cipher suite and offer an FFDHE group of its choice [...].
189+ */
190+ return selectDHDefault (minimumFiniteFieldBits );
191+ }
172192 return -1 ;
173193 }
174194
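Review bot: In the rewritten loop of `selectDH`, the size test `NamedGroup.getFiniteFieldBits(namedGroup) >= minimumFiniteFieldBits` is not guarded by the `isFiniteField` result computed on the line above it. If `getFiniteFieldBits` returns 0 for non-FFDHE codepoints (its body is not shown) and a caller passes a minimum of 0 or less, the first client group of any kind, including an elliptic curve, would be returned as the DH group. Reusing the check removes that dependency: `boolean isFF = NamedGroup.isFiniteField(namedGroup); anyPeerFF |= isFF;` followed by `if (isFF && NamedGroup.getFiniteFieldBits(namedGroup) >= minimumFiniteFieldBits)`. The added comment says the default accepts every NamedGroup finite field, taken in client order; it would help to state that a deployment restricting groups must override `selectDH`, and the same applies to the `selectECDH` loop in the last hunk.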
@@ -187,6 +207,11 @@ protected int selectECDH(int minimumCurveBits)
187207 int [] clientSupportedGroups = context .getSecurityParametersHandshake ().getClientSupportedGroups ();
188208 if (clientSupportedGroups == null )
189209 {
210+ /*
211+ * RFC 4492 4. A client that proposes ECC cipher suites may choose not to include these
212+ * extensions. In this case, the server is free to choose any one of the elliptic curves or point
213+ * formats [...].
214+ */
190215 return selectECDHDefault (minimumCurveBits );
191216 }
192217
@@ -196,6 +221,7 @@ protected int selectECDH(int minimumCurveBits)
196221 int namedGroup = clientSupportedGroups [i ];
197222 if (NamedGroup .getCurveBits (namedGroup ) >= minimumCurveBits )
198223 {
224+ // This default server implementation supports all NamedGroup curves
199225 return namedGroup ;
200226 }
201227 }