Use ClientHello.legacy_version for the RSA pre-master no matter what
Don't use what is in supported_versions for the RSA pre-master
Reviewed-by: Emilia Käsper <emilia@openssl.org>
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 1f4e630..ba873ee 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -849,7 +849,6 @@
SSL_COMP *comp;
#endif
SSL_SESSION *sess = s->session;
- int client_version;
if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) {
/* Should not happen */
@@ -930,8 +929,7 @@
* For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
* supported_versions extension for the real supported versions.
*/
- client_version = SSL_IS_TLS13(s) ? TLS1_2_VERSION : s->client_version;
- if (!WPACKET_put_bytes_u16(pkt, client_version)
+ if (!WPACKET_put_bytes_u16(pkt, s->client_version)
|| !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0;
