Feature: Plumb `SSL_get_negotiated_group()` into `boring`
cjpatton opened this issue · comments
Christopher Patton commented
This would allow us to check which key exchange algorithm was used during the TLS handshake. In particular this would allow us to verify that a PQ algorithm was chosen (one of X25519Kyber768Draft00, ...).
Available as of https://boringssl.googlesource.com/boringssl/+/6cf98208371e5c2c8b9d34ce3b8c452ea90e2963. This will require upgrading the submodule and updating the patches.