Disable TLSv1.3 middlebox compatibility mode for QUIC connections.

This is required by RFC 9001.

ok tb@

1 files changed, 3 insertions, 2 deletions

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 8b8ea7f01b..6522c104d6 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.64 2022/07/17 15:49:20 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.65 2022/07/17 15:51:06 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -401,7 +401,8 @@ tls13_ctx_new(int mode, SSL *ssl)
         ctx->info_cb = tls13_legacy_info_cb;
         ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
 
-        ctx->middlebox_compat = 1;
+        if (!SSL_is_quic(ssl))
+                ctx->middlebox_compat = 1;
 
         ssl->internal->tls13 = ctx;