-rw-r--r-- | lib/libssl/tls13_client.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index e0041eadae8..ef4c3de75f4 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.24 2020/01/22 02:39:45 tb Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.25 2020/01/22 03:20:09 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -152,12 +152,19 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
 }
 
 static int
-tls13_client_hello_build(SSL *s, CBB *cbb)
+tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
 {
 	CBB cipher_suites, compression_methods, session_id;
+	uint16_t client_version;
+	SSL *s = ctx->ssl;
 	uint8_t *sid;
 
-	if (!CBB_add_u16(cbb, TLS1_2_VERSION))
+	/* Legacy client version is capped at TLS 1.2. */
+	client_version = ctx->hs->max_version;
+	if (client_version > TLS1_2_VERSION)
+		client_version = TLS1_2_VERSION;
+
+	if (!CBB_add_u16(cbb, client_version))
 		goto err;
 	if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
 		goto err;
@@ -204,7 +211,7 @@ tls13_client_hello_send(struct tls13_ctx *ctx)
 	if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO))
 		return 0;
-	if (!tls13_client_hello_build(ctx->ssl, &body))
+	if (!tls13_client_hello_build(ctx, &body))
 		return 0;
 	if (!tls13_handshake_msg_finish(ctx->hs_msg))
 		return 0; |
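Review bot: The comment above the new `client_version` clamp in tls13_client_hello_build says what is done but not why, and the why is the security-relevant part: RFC 8446 section 4.1.2 requires a TLS 1.3 ClientHello to carry 0x0303 in legacy_version and to advertise the real maximum only through the supported_versions extension, so a larger value here would break interoperability with peers and middleboxes that inspect that field. I would extend the comment to `/* RFC 8446 4.1.2: legacy_version is capped at TLS 1.2; the real maximum is advertised via supported_versions. */`. Only an upper bound is applied; if `ctx->hs->max_version` can ever be below TLS1_2_VERSION on this path the hello would claim an older protocol, which presumably is excluded by the caller's version checks but is worth confirming. The function body continues past the end of the hunk.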