authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2023-10-12 13:55:32 +0200
committerFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2024-04-15 13:10:56 +0200
commitce32f3a539dedbc3b8265679316aeed610b9f45b (patch)
tree93f6a49c75d389c9800fcdca3e89b2e0c494e31e
parentcb57dc46324d0f8a29e48423a750e4c8419c5185 (diff)
Don't allow renegotiation for DTLS 1.3feature/dtls-1.3
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22362)
-rw-r--r--apps/include/s_apps.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 33c3b6278c..85eb6dcf36 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -16,7 +16,9 @@
#define PROTOCOL "tcp"
#define SSL_VERSION_ALLOWS_RENEGOTIATION(s) \
- (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION))
+ ((SSL_is_dtls(s) && (SSL_version(s) > DTLS1_3_VERSION \
+ || SSL_version(s) == DTLS1_BAD_VER)) \
+ || (!SSL_is_dtls(s) && SSL_version(s) < TLS1_3_VERSION))
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
void get_sock_info_address(int asock, char **hostname, char **service);
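Review bot: The comparison `SSL_version(s) > DTLS1_3_VERSION` in the new macro body reads as "newer than DTLS 1.3" but means "older than DTLS 1.3", because DTLS version constants decrease numerically as the protocol version rises, and nothing next to the macro says so. Since this expression decides whether renegotiation is permitted, a later well-meant "correction" of the operator would silently flip the gate, so I would add a comment above the define such as `/* DTLS version numbers run downwards: '>' means "older than DTLS 1.3". DTLS1_BAD_VER (0x0100) sits outside that ordering and is therefore listed explicitly. */`. As a smaller style point, the macro now evaluates `s` up to four times, so it should only ever be passed a plain pointer expression; a `static inline` helper would remove that hazard if the header's conventions allow it.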