Merge pull request #1354 from bob-beck/main

Forbid the sender from sending duplicate supported groups entries.
tlswg · Jul 7, 2024 · 7ec60a5 · 7ec60a5
2 parents 976551d + 762606e
commit 7ec60a5
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/draft-ietf-tls-rfc8446bis.md b/draft-ietf-tls-rfc8446bis.md
@@ -2246,7 +2246,9 @@ Finite Field Groups (DHE):
 {:br }
 
 Items in "named_group_list" are ordered according to the sender's
-preferences (most preferred choice first).
+preferences (most preferred choice first). The "named_group_list"
+MUST NOT contain any duplicate entries.  A recipient MAY abort a connection
+with a fatal illegal_parameter alert if it detects a duplicate entry.
 
 As of TLS 1.3, servers are permitted to send the "supported_groups"
 extension to the client. Clients MUST NOT act upon any information