diff --git a/src/tls.c b/src/tls.c
index 1d3f357ac..3d037af10 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -9032,28 +9032,16 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions);
 if (ret != WOLFSSL_SUCCESS)
 return ret;
- if (!IsAtLeastTLSv1_3(ssl->version) &&
- TLSX_Find(ssl->ctx->extensions,
- TLSX_EC_POINT_FORMATS) == NULL &&
- TLSX_Find(ssl->extensions,
- TLSX_EC_POINT_FORMATS) == NULL) {
- ret = TLSX_UsePointFormat(&ssl->extensions,
- WOLFSSL_EC_PF_UNCOMPRESSED,
- ssl->heap);
- if (ret != WOLFSSL_SUCCESS)
- return ret;
- }
- }
- else if (!IsAtLeastTLSv1_3(ssl->version) &&
- TLSX_Find(ssl->ctx->extensions,
- TLSX_EC_POINT_FORMATS) == NULL) {
- ret = TLSX_UsePointFormat(&ssl->ctx->extensions,
- WOLFSSL_EC_PF_UNCOMPRESSED,
- ssl->heap);
- if (ret != WOLFSSL_SUCCESS)
- return ret;
 }
 }
+ if ((!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) &&
+ TLSX_Find(ssl->ctx->extensions, TLSX_EC_POINT_FORMATS) == NULL &&
+ TLSX_Find(ssl->extensions, TLSX_EC_POINT_FORMATS) == NULL) {
+ ret = TLSX_UsePointFormat(&ssl->extensions,
+ WOLFSSL_EC_PF_UNCOMPRESSED, ssl->heap);
+ if (ret != WOLFSSL_SUCCESS)
+ return ret;
+ }
 #endif /* (HAVE_ECC || HAVE_CURVE25519) && HAVE_SUPPORTED_CURVES */
 } /* is not server */
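Review bot: The new condition `(!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade)` carries no comment saying why a TLS 1.3 client with downgrade enabled must still offer ec_point_formats, or why the extension is now attached only to `ssl->extensions`. I would add above the `if`: `/* Offer ec_point_formats whenever TLS 1.2 or lower may still be negotiated; add it per connection so the shared ctx extension list is never modified here. */`. The block also now sits after the two closing braces that used to enclose it, and the opening lines of those scopes are outside the hunk, so it is worth confirming that it is meant to run regardless of those outer conditions. TLSX_PopulateExtensions begins and ends outside the hunk.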