Use the same min-max version range on the client consistently

We need to ensure that the min-max version range we use when constructing the ClientHello is the same range we use when we validate the version selected by the ServerHello. Otherwise this may appear as a fallback or downgrade. Fixes #6964 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7013)
author: Matt Caswell <matt@openssl.org> 2018-08-20 15:12:39 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-22 15:15:19 +0100
commit: b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3 (patch)
tree: b9452ca6460302ff329f17158e9327962638a510 /ssl/statem/extensions_clnt.c
parent: bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 2d5b60a737..4b5e6fe2b8 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -507,7 +507,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
 {
     int currv, min_version, max_version, reason;
 
-    reason = ssl_get_min_max_version(s, &min_version, &max_version);
+    reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
     if (reason != 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                  SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason);
author	Matt Caswell <matt@openssl.org>	2018-08-20 15:12:39 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-22 15:15:19 +0100
commit	b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3 (patch)
tree	b9452ca6460302ff329f17158e9327962638a510 /ssl/statem/extensions_clnt.c
parent	bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (diff)