diff options
author | Matt Caswell <matt@openssl.org> | 2018-08-20 15:12:39 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-22 15:15:19 +0100 |
commit | b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3 (patch) | |
tree | b9452ca6460302ff329f17158e9327962638a510 /ssl/statem/extensions_clnt.c | |
parent | bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (diff) |
Use the same min-max version range on the client consistently
We need to ensure that the min-max version range we use when constructing
the ClientHello is the same range we use when we validate the version
selected by the ServerHello. Otherwise this may appear as a fallback or
downgrade.
Fixes #6964
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7013)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 2d5b60a737..4b5e6fe2b8 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -507,7 +507,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, { int currv, min_version, max_version, reason; - reason = ssl_get_min_max_version(s, &min_version, &max_version); + reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); if (reason != 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason); |