When an SSL method is set, bump the max version back to that of the

incoming method if it is a client.

This addresses the case where TLS_method() is used to initialise a SSL_CTX,
then a TLS_client_method() is then set, resulting in TLSv1.2 being used
instead of TLSv1.3. This is observable in smtpd.

ok beck@

1 files changed, 10 insertions, 1 deletions

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index a6bdfaa4a10..a5a79d76bc0 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.210 2020/01/23 10:40:59 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.211 2020/01/26 07:24:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2240,6 +2240,15 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
 			ret = s->method->internal->ssl_new(s);
 		}
 
+		/*
+		 * XXX - reset the client max version to that of the incoming
+		 * method, otherwise a caller that uses a TLS_method() and then
+		 * sets with TLS_client_method() cannot do TLSv1.3.
+		 */
+		if (meth->internal->max_version == TLS1_3_VERSION &&
+		    meth->internal->ssl_connect != NULL)
+			s->internal->max_version = meth->internal->max_version;
+
 		if (conn == 1)
 			s->internal->handshake_func = meth->internal->ssl_connect;
 		else if (conn == 0)