WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8861 from gasbytes/psk-handshake-failure-fix 

tls13: clear tls1_3 on downgrade
pull/8830/merge
JacobBarthelmeh 2025-06-10 10:24:17 -06:00 committed by GitHub
parent 047f0bb5fc 92b6e2f2e9
commit 2d892f07eb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/tls13.c
View File

@ -5142,6 +5142,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Force client hello version 1.2 to work for static RSA. */ /* Force client hello version 1.2 to work for static RSA. */
ssl->chVersion.minor = TLSv1_2_MINOR; ssl->chVersion.minor = TLSv1_2_MINOR;
ssl->version.minor = TLSv1_2_MINOR; ssl->version.minor = TLSv1_2_MINOR;
ssl->options.tls1_3 = 0;
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) { if (ssl->options.dtls) {
@ -5242,6 +5243,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->options.dtls) { if (ssl->options.dtls) {
ssl->chVersion.minor = DTLSv1_2_MINOR; ssl->chVersion.minor = DTLSv1_2_MINOR;
ssl->version.minor = DTLSv1_2_MINOR; ssl->version.minor = DTLSv1_2_MINOR;
ssl->options.tls1_3 = 0;
ret = Dtls13ClientDoDowngrade(ssl); ret = Dtls13ClientDoDowngrade(ssl);
if (ret != 0) if (ret != 0)
return ret; return ret;
@ -5255,6 +5257,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return VERSION_ERROR; return VERSION_ERROR;
} }
#ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_TLS12
ssl->options.tls1_3 = 0;
return DoServerHello(ssl, input, inOutIdx, helloSz); return DoServerHello(ssl, input, inOutIdx, helloSz);
#else #else
SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version); SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);