Add server side support for supported_versions extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 6a05b9d..b8bca0e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -779,8 +779,13 @@
* TLS 1.0 and renegotiating with TLS 1.2. We do this by using
* client_version in client hello and not resetting it to
* the negotiated version.
+ *
+ * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
+ * supported_versions extension for the reall supported versions.
*/
- if (!WPACKET_put_bytes_u16(pkt, s->client_version)
+ if (!WPACKET_put_bytes_u16(pkt,
+ (!SSL_IS_DTLS(s) && s->client_version >= TLS1_3_VERSION)
+ ? TLS1_2_VERSION : s->client_version)
|| !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0;
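Review bot: The TLS 1.2 cap is applied only inline in the `WPACKET_put_bytes_u16` argument, so `s->client_version` still holds the TLS 1.3 value after the ClientHello is written. Any later code that must repeat the version actually sent on the wire would then disagree with what the server saw if the handshake falls back to TLS 1.2; the version bytes in an RSA premaster secret, which exist for rollback detection, are one such case. No such use is visible in this hunk, so the rest of the client state machine needs checking. Computing the value once would make the wire value explicit and reusable, e.g. `int legacy_version = (!SSL_IS_DTLS(s) && s->client_version >= TLS1_3_VERSION) ? TLS1_2_VERSION : s->client_version;`. In the added comment, `reall` should read `real`, and it would help to state that supported_versions must be sent whenever the cap applies; the enclosing function starts and ends outside the hunk.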