From 6458239b360dd9720b0688495c0c2cf492b2e348 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 7 Mar 2023 09:21:40 +0100
Subject: [PATCH] tls13: srv: Move TLS version setting

When parsing the ClientHello message, move the setting of the TLS version to TLS 1.3 after the computation of the end of the list of cipher suites. At that point we are able to compute the address and end address of the list of extensions and thus able to search and parse the supported_versions extension to select which version of the TLS protocol we are going to negotiate.

Signed-off-by: Ronald Cron
---
 library/ssl_tls13_server.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index bd27eaf8b..b2166d293 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1291,17 +1291,6 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 }
 p += 2;

- /*
- * Only support TLS 1.3 currently, temporarily set the version.
- */
- ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- /* Store minor version for later use with ticket serialization. */
- ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
- ssl->session_negotiate->endpoint = ssl->conf->endpoint;
-#endif
-
 /* ...
 * Random random;
 * ...
@@ -1372,6 +1361,17 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist", p, cipher_suites_len);

+ /*
+ * Only support TLS 1.3 currently, temporarily set the version.
+ */
+ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ /* Store minor version for later use with ticket serialization. */
+ ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ ssl->session_negotiate->endpoint = ssl->conf->endpoint;
+#endif
+
 /*
 * Search for a matching ciphersuite
 */
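Review bot: In the second hunk, moving the assignment below the cipher-suite list means every early return between the old position (right after `p += 2;`) and this one now leaves `ssl->tls_version`, and under `MBEDTLS_SSL_SESSION_TICKETS` also `ssl->session_negotiate->tls_version` and `->endpoint`, at whatever they held before ClientHello parsing. That intermediate code is outside both hunks, so it should be confirmed that no alert or error path there reads these fields expecting TLS 1.3. The relocated comment also no longer explains the placement; I would reword it along the lines of `/* Set here, once the end of the cipher suite list is known and the extensions can be located; fixed to TLS 1.3 until supported_versions is parsed. */`. `ssl_tls13_parse_client_hello` starts and ends outside the hunk.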