-rw-r--r--lib/gnutls_int.h1
-rw-r--r--lib/state.c7
-rw-r--r--lib/supplemental.c6
3 files changed, 13 insertions, 1 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 0e037ada5e..d2d417ee67 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1433,6 +1433,7 @@ inline static unsigned get_num_version(gnutls_session_t session)
void _gnutls_priority_update_fips(void);
void _gnutls_priority_update_non_aesni(void);
+extern unsigned _gnutls_disable_tls13;
#define timespec_sub_ms _gnutls_timespec_sub_ms
unsigned int
diff --git a/lib/state.c b/lib/state.c
index 284214b87f..2c63001c2b 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -53,6 +53,10 @@
#include "dtls.h"
#include "tls13/session_ticket.h"
+/* to be used by supplemental data support to disable TLS1.3
+ * when supplemental data have been globally registered */
+unsigned _gnutls_disable_tls13 = 0;
+
/* These should really be static, but src/tests.c calls them. Make
them public functions? */
void
@@ -401,6 +405,9 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
(*session)->internals.flags = flags;
+ if (_gnutls_disable_tls13 != 0)
+ (*session)->internals.flags |= INT_FLAG_NO_TLS13;
+
return 0;
}
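Review bot: The new branch in gnutls_init ORs in `INT_FLAG_NO_TLS13` silently, so an application whose sessions stop negotiating TLS 1.3 has no trace pointing at a supplemental-data registration made elsewhere in the same process. A debug-level log line inside the `if` would make the downgrade diagnosable, together with a comment such as `/* set by gnutls_supplemental_register(); caps every session created from now on */`. The flag is also read here without synchronization against the writer in lib/supplemental.c; that appears to rely on the registration function being documented as not thread safe, which is worth stating next to the check. gnutls_init begins outside the hunk.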
diff --git a/lib/supplemental.c b/lib/supplemental.c
index a0996a1285..84305c7086 100644
--- a/lib/supplemental.c
+++ b/lib/supplemental.c
@@ -282,7 +282,8 @@ _gnutls_supplemental_register(gnutls_supplemental_entry_st *entry)
* registered or handled by GnuTLS internally %GNUTLS_E_ALREADY_REGISTERED
* will be returned.
*
- * This function is not thread safe.
+ * This function is not thread safe. As supplemental data are not defined under
+ * TLS 1.3, this function will disable TLS 1.3 support globally.
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
*
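Review bot: The added sentence says TLS 1.3 is disabled "globally" without saying which sessions that covers. Going by the lib/state.c hunk, the flag is applied in gnutls_init, so only sessions initialized after this call are capped, and sessions that already exist keep TLS 1.3. No reset of the flag is visible in this diff. Suggested wording: `this function will disable TLS 1.3 support for every session initialized after it is called`, plus a remark that the effect is process-wide and also reaches other users of the library in the same process. The doc comment continues outside the hunk.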
@@ -304,6 +305,9 @@ gnutls_supplemental_register(const char *name, gnutls_supplemental_data_format_t
if (ret < 0) {
gnutls_free(tmp_entry.name);
}
+
+ _gnutls_disable_tls13 = 1;
+
return ret;
}
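Review bot: `_gnutls_disable_tls13 = 1;` runs after the `if (ret < 0)` cleanup, so it is set on the failure path as well. A registration that is rejected (the doc comment above mentions %GNUTLS_E_ALREADY_REGISTERED) still disables TLS 1.3 for every later session, although no supplemental data handler was added. Guarding the assignment keeps the process-wide downgrade tied to a successful registration: `if (ret >= 0) _gnutls_disable_tls13 = 1;`, or move it into an `else` of the existing check. The body of gnutls_supplemental_register begins outside the hunk.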