From 24920ea442ae11d098818346d1b92cbf95582783 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 22 Jan 2020 03:20:09 +0000 Subject: Correctly set the legacy version when TLSv1.3 is building a client hello. The legacy version field is capped at TLSv1.2, however it may be lower than this if we are only choosing to use TLSv1.0 or TLSv1.1. ok beck@ tb@ --- src/lib/libssl/tls13_client.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index e0041eadae..ef4c3de75f 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.24 2020/01/22 02:39:45 tb Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.25 2020/01/22 03:20:09 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -152,12 +152,19 @@ tls13_use_legacy_client(struct tls13_ctx *ctx) } static int -tls13_client_hello_build(SSL *s, CBB *cbb) +tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) { CBB cipher_suites, compression_methods, session_id; + uint16_t client_version; + SSL *s = ctx->ssl; uint8_t *sid; - if (!CBB_add_u16(cbb, TLS1_2_VERSION)) + /* Legacy client version is capped at TLS 1.2. */ + client_version = ctx->hs->max_version; + if (client_version > TLS1_2_VERSION) + client_version = TLS1_2_VERSION; + + if (!CBB_add_u16(cbb, client_version)) goto err; if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE)) goto err; @@ -204,7 +211,7 @@ tls13_client_hello_send(struct tls13_ctx *ctx) if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO)) return 0; - if (!tls13_client_hello_build(ctx->ssl, &body)) + if (!tls13_client_hello_build(ctx, &body)) return 0; if (!tls13_handshake_msg_finish(ctx->hs_msg)) return 0; -- cgit v1.2.3-55-g6feb