From 74477b68f746b2effaedcba6a34947c12f2272b9 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 25 Jan 2020 12:31:42 +0000
Subject: Only send an RI extension for pre-TLSv1.3 versions.

ok beck@
---
 src/lib/libssl/ssl_tlsext.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index e66bd08f84..b76a48b99a 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.54 2020/01/22 10:38:11 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.55 2020/01/25 12:31:42 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -443,7 +443,7 @@ tlsext_ri_server_parse(SSL *s, CBS *cbs, int *alert)
 int
 tlsext_ri_server_needs(SSL *s)
 {
-	return (S3I(s)->send_connection_binding);
+	return (s->version < TLS1_3_VERSION && S3I(s)->send_connection_binding);
 }
 
 int
-- 
cgit v1.2.3-55-g6feb