Commit 7b21c00e authored by Matt Caswell's avatar Matt Caswell
Browse files

Look at the supported_versions extension even if the server <TLS1.3 



If supported_versions is present it takes precedence.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent bf85ef1b

ssl/statem/statem_lib.c

+1 −7
Original line number Diff line number Diff line
@@ -1024,13 +1024,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello) 
                                             hello->num_extensions,

                                             TLSEXT_TYPE_supported_versions);



    /*

     * TODO(TLS1.3): We only look at this if our max protocol version is TLS1.3

     * or above. Should we allow it for lower versions too?

     */

    if (suppversions != NULL && !SSL_IS_DTLS(s)

            && (s->max_proto_version == 0

                || TLS1_3_VERSION <= s->max_proto_version)) {

    if (suppversions != NULL && !SSL_IS_DTLS(s)) {

        unsigned int candidate_vers = 0;

        unsigned int best_vers = 0;

        const SSL_METHOD *best_method = NULL;

test/ssl-tests/protocol_version.pm

+4 −3
Original line number Diff line number Diff line
@@ -236,8 +236,9 @@ sub expected_result { 
        return ("ServerFail", undef);

    } elsif ($c_min > $s_max) {

        my @prots = @$protocols;

        if ($prots[$c_min] eq "TLSv1.3") {

            # Client won't have sent any ciphersuite the server recognises

        if ($prots[$c_max] eq "TLSv1.3") {

            # Client will have sent supported_versions, so server will know

            # that there are no overlapping versions.

            return ("ServerFail", undef);

        } else {

            # Server will try with a version that is lower than the lowest