Use the same min-max version range on the client consistently

We need to ensure that the min-max version range we use when constructing the ClientHello is the same range we use when we validate the version selected by the ServerHello. Otherwise this may appear as a fallback or downgrade. Fixes #6964 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
author: Matt Caswell <matt@openssl.org> 2018-08-20 15:12:39 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-22 15:15:19 +0100
commit: b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3 (patch)
tree: b9452ca6460302ff329f17158e9327962638a510 /ssl/statem/extensions.c
parent: bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 12c712e8e6..307e6b9d6f 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -810,7 +810,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
     }
 
     if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
-        reason = ssl_get_min_max_version(s, &min_version, &max_version);
+        reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
         if (reason != 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
                      reason);
author	Matt Caswell <matt@openssl.org>	2018-08-20 15:12:39 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-22 15:15:19 +0100
commit	b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3 (patch)
tree	b9452ca6460302ff329f17158e9327962638a510 /ssl/statem/extensions.c
parent	bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (diff)