From e225ef6f6dede36e99d00cc89f0ea8c7da355d25 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 23 Oct 2021 14:40:54 +0000 Subject: Provide a way to determine our maximum legacy version. With the introduction of TLSv1.3, we need the ability to determine our maximum legacy version and to track our peer's maximum legacy version. This is needed for both the TLS record layer when using TLSv1.3, plus it is needed for RSA key exhange in TLS prior to TLSv1.3, where the maximum legacy version is incorporated in the pre-master secret to avoid downgrade attacks. This unbreaks RSA KEX for the TLS client when the non-version specific method is used with TLSv1.0 or TLSv1.1 (clearly no one does this). ok tb@ --- src/lib/libssl/tls13_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_server.c') diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 9c0369fc91..a19b3825fe 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.85 2021/10/23 13:12:55 tb Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.86 2021/10/23 14:40:54 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -164,6 +164,7 @@ tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs) return tls13_use_legacy_server(ctx); } ctx->hs->negotiated_tls_version = TLS1_3_VERSION; + ctx->hs->peer_legacy_version = legacy_version; /* Ensure we send subsequent alerts with the correct record version. */ tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION); -- cgit v1.2.3-55-g6feb