From 1ba1a1ceca4501b673bfc56b15f1063ce35afe4e Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 9 Nov 2018 10:10:25 -0500
Subject: Always declare groups when building with openssl 1.1.1 APIs

Failing to do on clients was causing TLS 1.3 negotiation to fail.

Fixes bug 28245; bugfix on 0.2.9.15, when we added TLS 1.3 support.
---
 changes/bug28245 | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 changes/bug28245

(limited to 'changes')

diff --git a/changes/bug28245 b/changes/bug28245
new file mode 100644
index 0000000000..d7e6deb810
--- /dev/null
+++ b/changes/bug28245
@@ -0,0 +1,6 @@
+  o Major bugfixes (OpenSSL, portability):
+    - Fix our usage of named groups when running as a TLS 1.3 client in
+      OpenSSL 1.1.1. Previously, we only initialized EC groups when running
+      as a server, which caused clients to fail to negotiate TLS 1.3 with
+      relays. Fixes bug 28245; bugfix on 0.2.9.15 when TLS 1.3 support was
+      added.
-- 
cgit v1.2.3-54-g00ecf