From e71639d39bf3f6d614eb11034996d47f0fddf38c Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 11 Mar 2022 11:31:31 +0100
Subject: [PATCH] Simplify TLS major version default value setting
Signed-off-by: Ronald Cron
---
 library/ssl_misc.h | 1 -
 library/ssl_tls.c | 13 ++++++-------
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f147d772f..cb20187d7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -85,7 +85,6 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
-#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
 /* Determine maximum supported version */
 #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7c4e6fce8..77d4e2d4f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4223,9 +4223,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 * NSA Suite B
 */
 case MBEDTLS_SSL_PRESET_SUITEB:
- conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
+ conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
 conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+
+ conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
 /* Hybrid TLS 1.2/1.3 is not supported yet */
 conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
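Review bot: The TLS 1.2 floor of the `MBEDTLS_SSL_PRESET_SUITEB` case now rests on `MBEDTLS_SSL_MIN_MAJOR_VERSION`, a build-time macro defined outside this diff, instead of the literal `MBEDTLS_SSL_MAJOR_VERSION_3`, while `min_minor_ver` two lines further down stays pinned to `MBEDTLS_SSL_MINOR_VERSION_3`. The same assumption carries the `default:` hunk below, where the clamp against the removed `MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION` is dropped but the minor-version clamp is kept. If that macro is always major version 3, which the change seems to presume, a guard beside its definition would state it and fail the build if it ever drifts: `#if MBEDTLS_SSL_MIN_MAJOR_VERSION != MBEDTLS_SSL_MAJOR_VERSION_3`, `#error "minimum TLS major version must be 3"`, `#endif`. The body of `mbedtls_ssl_config_defaults` starts and ends outside both hunks.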
@@ -4261,15 +4262,13 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 * Default
 */
 default:
- conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
- MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
- MBEDTLS_SSL_MIN_MAJOR_VERSION :
- MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
+ conf->min_major_ver = MBEDTLS_SSL_MIN_MAJOR_VERSION;
+ conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+
 conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
 MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
 MBEDTLS_SSL_MIN_MINOR_VERSION :
 MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
- conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
 /* Hybrid TLS 1.2/1.3 is not supported yet */
 conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;