diff options
author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-03-26 19:39:30 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:28:11 +0200 |
commit | 1bb3507c5e6e193cfb5912df347ca2ecaddc482e (patch) | |
tree | 699e735203f50ddf143acb34c2be8d15ef6f1f15 | |
parent | 656d40953c3637b557de9920f7e694aec97bc5ed (diff) |
Fix wrong dtls 1 and 1.2 version check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
-rw-r--r-- | ssl/statem/statem_srvr.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 57927271db..81f706ed9b 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1960,8 +1960,9 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) } if (!s->hit - && ssl_version_cmp(s, s->version, SSL_CONNECTION_IS_DTLS(s) ? DTLS1_VERSION : TLS1_VERSION) >= 0 + && s->version >= TLS1_VERSION && !SSL_CONNECTION_IS_VERSION13(s) + && !SSL_CONNECTION_IS_DTLS(s) && s->ext.session_secret_cb != NULL) { const SSL_CIPHER *pref_cipher = NULL; /* |