From 1b26de44d271b3f7f83a642504512a3bcf349f8b Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 26 Jan 2020 07:24:47 +0000
Subject: When an SSL method is set, bump the max version back to that of the
 incoming method if it is a client.

This addresses the case where TLS_method() is used to initialise a SSL_CTX,
then a TLS_client_method() is then set, resulting in TLSv1.2 being used
instead of TLSv1.3. This is observable in smtpd.

ok beck@
---
 src/lib/libssl/ssl_lib.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index a6bdfaa4a1..a5a79d76bc 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.210 2020/01/23 10:40:59 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.211 2020/01/26 07:24:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2240,6 +2240,15 @@ SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
 			ret = s->method->internal->ssl_new(s);
 		}
 
+		/*
+		 * XXX - reset the client max version to that of the incoming
+		 * method, otherwise a caller that uses a TLS_method() and then
+		 * sets with TLS_client_method() cannot do TLSv1.3.
+		 */
+		if (meth->internal->max_version == TLS1_3_VERSION &&
+		    meth->internal->ssl_connect != NULL)
+			s->internal->max_version = meth->internal->max_version;
+
 		if (conn == 1)
 			s->internal->handshake_func = meth->internal->ssl_connect;
 		else if (conn == 0)
-- 
cgit v1.2.3-55-g6feb