From 2d729db2f0c047e64c580342f6fba0d99b2ada50 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 7 Nov 2017 16:04:35 +0000 Subject: [PATCH] Send TLSv1.2 as the record version when using TLSv1.3 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/4701) --- ssl/record/rec_layer_s3.c | 3 ++- test/recipes/70-test_sslversions.t | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 5f01b04139..5b0d2d6e19 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -816,7 +816,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Clear our SSL3_RECORD structures */ memset(wr, 0, sizeof(wr)); for (j = 0; j < numpipes; j++) { - unsigned int version = SSL_TREAT_AS_TLS13(s) ? TLS1_VERSION : s->version; + unsigned int version = SSL_TREAT_AS_TLS13(s) ? TLS1_2_VERSION + : s->version; unsigned char *compressdata = NULL; size_t maxcomplen; unsigned int rectype; diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t index 1f3db22478..6044a05954 100644 --- a/test/recipes/70-test_sslversions.t +++ b/test/recipes/70-test_sslversions.t @@ -87,7 +87,7 @@ $testtype = REVERSE_ORDER_VERSIONS; $proxy->start(); $record = pop @{$proxy->record_list}; ok(TLSProxy::Message->success() - && $record->version() == TLSProxy::Record::VERS_TLS_1_0 + && $record->version() == TLSProxy::Record::VERS_TLS_1_2 && TLSProxy::Proxy->is_tls13(), "Reverse order versions"); @@ -107,7 +107,7 @@ $testtype = WITH_TLS1_4; $proxy->start(); $record = pop @{$proxy->record_list}; ok(TLSProxy::Message->success() - && $record->version() == TLSProxy::Record::VERS_TLS_1_0 + && $record->version() == TLSProxy::Record::VERS_TLS_1_2 && TLSProxy::Proxy->is_tls13(), "TLS1.4 in supported versions extension"); -- GitLab