authorjsing <>2021-10-23 14:40:54 +0000
committerjsing <>2021-10-23 14:40:54 +0000
commit48d78838532f827ee48f8f73f24be6e77d4bbf0f (patch)
treece6df35f3dc86483e4bf5fb3d4d1a4ada8d56b08 /src/lib/libssl/tls13_legacy.c
parent29938589622ccf645f7dc926feb10e611775c666 (diff)
downloadopenbsd-48d78838532f827ee48f8f73f24be6e77d4bbf0f.tar.gz
openbsd-48d78838532f827ee48f8f73f24be6e77d4bbf0f.tar.bz2
openbsd-48d78838532f827ee48f8f73f24be6e77d4bbf0f.zip
Provide a way to determine our maximum legacy version.
With the introduction of TLSv1.3, we need the ability to determine our maximum legacy version and to track our peer's maximum legacy version. This is needed for both the TLS record layer when using TLSv1.3, plus it is needed for RSA key exchange in TLS prior to TLSv1.3, where the maximum legacy version is incorporated in the pre-master secret to avoid downgrade attacks. This unbreaks RSA KEX for the TLS client when the non-version specific method is used with TLSv1.0 or TLSv1.1 (clearly no one does this). ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_legacy.c')
-rw-r--r--src/lib/libssl/tls13_legacy.c6
1 files changed, 3 insertions, 3 deletions
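--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.31 2021/09/16 19:25:30 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.32 2021/10/23 14:40:54 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -383,7 +383,7 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
 	return 0;
 
 	s->internal->handshake_func = s->method->ssl_connect;
-	s->client_version = s->version = s->method->max_tls_version;
+	s->version = s->method->max_tls_version;
 
 	return 1;
 }
@@ -397,7 +397,7 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
 	return 0;
 
 	s->internal->handshake_func = s->method->ssl_accept;
-	s->client_version = s->version = s->method->max_tls_version;
+	s->version = s->method->max_tls_version;
 	s->server = 1;
 
 	return 1;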
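Review bot: Dropping the `client_version` assignment in tls13_use_legacy_client (and likewise in tls13_use_legacy_server) leaves no trace in the code of why only `s->version` is still set here, and a reader auditing the RSA key exchange downgrade protection will have to find the reason in the commit history. The commit message explains that the maximum legacy version is now determined and tracked separately so it can be placed in the pre-master secret, but neither hunk shows where that now happens, so it is worth a short comment above the surviving line, e.g. `/* Only the record-layer version is fixed here; the legacy client_version used for the RSA KEX downgrade check is now derived from the maximum legacy version (see commit log). */`. Both enclosing functions start outside their hunks, so a comment on the earlier fallback logic may already exist; if it does, a one-line cross-reference there would suffice instead.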