The legacy_record_version must be set to TLS1_2_VERSION except

in the ClientHello where it may be set to TLS1_VERSION.  Use
the minimal supported version to decide whether we choose to do
so or not. Use a sent hook to set it back TLS1_2_VERSION right
after the ClientHello message is on the wire.

ok beck jsing

1 files changed, 4 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 167ed1f254..1eb05b7100 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.41 2020/01/22 02:21:05 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.42 2020/01/22 02:39:45 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -122,6 +122,8 @@ void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
     const EVP_AEAD *aead);
 void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
     const EVP_MD *hash);
+void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
+    uint16_t version);
 void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
 int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
     struct tls13_secret *read_key);
@@ -253,6 +255,7 @@ int tls13_legacy_shutdown(SSL *ssl);
 int tls13_handshake_perform(struct tls13_ctx *ctx);
 
 int tls13_client_hello_send(struct tls13_ctx *ctx);
+int tls13_client_hello_sent(struct tls13_ctx *ctx);
 int tls13_client_hello_recv(struct tls13_ctx *ctx);
 int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
 int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);