authorJoel Sing <jsing@cvs.openbsd.org>2020-05-11 17:49:47 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2020-05-11 17:49:47 +0000
commitad429f00464a3adbb45fe8e9ce4e5a273fc16880 (patch)
tree46030432f64b860ec9beb767df6e3c697a7c2d3f /lib
parent24c83794ad3e0ee1c95285adcf820dc81db5b1fc (diff)
Set the record layer legacy version from the TLSv1.3 server.
This will be used to handle record version checks. ok tb@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/tls13_server.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 1c286f573e2..ec612df90e7 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.45 2020/05/11 17:49:46 jsing Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -37,6 +37,8 @@ tls13_server_init(struct tls13_ctx *ctx)
if (!ssl_get_new_session(s, 0)) /* XXX */
return 0;
+ tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
+
if (!tls1_transcript_init(s))
return 0;
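Review bot: Neither new call says why the server starts the record layer at `TLS1_VERSION` in tls13_server_init and only moves it to `TLS1_2_VERSION` in tls13_client_hello_recv, and the two values are protocol-driven rather than arbitrary. RFC 8446 section 5.1 allows an initial ClientHello to carry legacy_record_version 0x0301 but requires 0x0303 on every later record, so I would add `/* An initial ClientHello may use a 0x0301 record version (RFC 8446 5.1). */` above this call and `/* All records after the initial ClientHello must use 0x0303. */` above the second one. The early `return 1` just above the second call leaves the permissive value in place on the pre-TLSv1.3 path; that looks intentional, but a short comment there would confirm it. Both functions continue outside their hunks, and per the commit message the checks that consume this value arrive in a later change.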
@@ -183,6 +185,8 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
if (s->method->internal->version < TLS1_3_VERSION)
return 1;
+ tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
+
/*
* If a matching key share was provided, we do not need to send a
* HelloRetryRequest.