diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-08-17 14:02:34 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-08-20 21:54:30 +0200 |
| commit | 087cc4b95e5edd7a448dedd506eb8e7ffad95962 (patch) | |
| tree | 8db0f971e21831b3c2505a37ad3f93e11196e869 /lib/ext | |
| parent | 96863e08a4d0b3fbccaa68c7d5fd21fa269222ef (diff) | |
| download | gnutls-087cc4b95e5edd7a448dedd506eb8e7ffad95962.tar.gz | |
handshake: do not negotiate TLS1.3 using the legacy version fieldtmp-update-version-numbers
Previously we could end-up with a TLS1.3 connection if the TLS1.3
ID was seen on the wire. We now explicitly fallback to TLS1.2
when we see a protocol with TLS1.3 semantics in an SSL2.0 or
in the legacy version of the client hello.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/ext')
| -rw-r--r-- | lib/ext/supported_versions.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ext/supported_versions.c b/lib/ext/supported_versions.c index 3a11b39bd4..b7fe31f75b 100644 --- a/lib/ext/supported_versions.c +++ b/lib/ext/supported_versions.c @@ -133,7 +133,7 @@ supported_versions_recv_params(gnutls_session_t session, if (!vers->tls13_sem) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); - ret = _gnutls_negotiate_version(session, major, minor); + ret = _gnutls_negotiate_version(session, major, minor, 1); if (ret < 0) { gnutls_assert(); return ret; |