Only allow supported_versions in a TLSv1.3 ServerHello

As per the latest text in TLSv1.3 draft-26 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5604)
author: Matt Caswell <matt@openssl.org> 2018-03-13 10:36:03 +0000
committer: Matt Caswell <matt@openssl.org> 2018-03-14 09:51:20 +0000
commit: 27e462f1b0c8d6295c745611e36beb5774de6688 (patch)
tree: abb6f14f8acdd950662a5a1c032d370ae8b53e4c /ssl/statem/extensions.c
parent: 3295d2423889496e0933b3f9af6dc692c9f9a8f2 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0641a253d3..3dc4e8ed94 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -307,9 +307,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
     },
     {
         TLSEXT_TYPE_supported_versions,
-        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
-        | SSL_EXT_TLS1_3_SERVER_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
-        | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
         NULL,
         /* Processed inline as part of version selection */
         NULL, tls_parse_stoc_supported_versions,
author	Matt Caswell <matt@openssl.org>	2018-03-13 10:36:03 +0000
committer	Matt Caswell <matt@openssl.org>	2018-03-14 09:51:20 +0000
commit	27e462f1b0c8d6295c745611e36beb5774de6688 (patch)
tree	abb6f14f8acdd950662a5a1c032d370ae8b53e4c /ssl/statem/extensions.c
parent	3295d2423889496e0933b3f9af6dc692c9f9a8f2 (diff)