diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2020-01-22 03:20:10 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-01-22 03:20:10 +0000 |
commit | f4544f1d265f306ca01d9d4ad9f5ef4108681823 (patch) | |
tree | b26d785d28333ed88b729eee30e62288ebc0910a /lib/libssl/tls13_client.c | |
parent | c0e546e1a9e9265fcfe28255fcc8399017a8be38 (diff) |
Correctly set the legacy version when TLSv1.3 is building a client hello.
The legacy version field is capped at TLSv1.2, however it may be lower than
this if we are only choosing to use TLSv1.0 or TLSv1.1.
ok beck@ tb@
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r-- | lib/libssl/tls13_client.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index e0041eadae8..ef4c3de75f4 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.24 2020/01/22 02:39:45 tb Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.25 2020/01/22 03:20:09 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -152,12 +152,19 @@ tls13_use_legacy_client(struct tls13_ctx *ctx) } static int -tls13_client_hello_build(SSL *s, CBB *cbb) +tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) { CBB cipher_suites, compression_methods, session_id; + uint16_t client_version; + SSL *s = ctx->ssl; uint8_t *sid; - if (!CBB_add_u16(cbb, TLS1_2_VERSION)) + /* Legacy client version is capped at TLS 1.2. */ + client_version = ctx->hs->max_version; + if (client_version > TLS1_2_VERSION) + client_version = TLS1_2_VERSION; + + if (!CBB_add_u16(cbb, client_version)) goto err; if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE)) goto err; @@ -204,7 +211,7 @@ tls13_client_hello_send(struct tls13_ctx *ctx) if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) return 0; - if (!tls13_client_hello_build(ctx->ssl, &body)) + if (!tls13_client_hello_build(ctx, &body)) return 0; if (!tls13_handshake_msg_finish(ctx->hs_msg)) return 0; |