From 92b6e2f2e917fe8dcdc9fcf23351f235a9c62a06 Mon Sep 17 00:00:00 2001
From: Reda Chouk <reda@wolfssl.com>
Date: Mon, 9 Jun 2025 17:12:56 +0200
Subject: [PATCH] tls13: clear tls1_3 on downgrade
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Unset ssl->options.tls1_3 whenever we drop to TLS 1.2 so PSK
handshakes don’t hit -326 VERSION_ERROR.
---
 src/tls13.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/tls13.c b/src/tls13.c
index 3a9dae263..81c687fc3 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5118,6 +5118,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             /* Force client hello version 1.2 to work for static RSA. */
             ssl->chVersion.minor = TLSv1_2_MINOR;
             ssl->version.minor = TLSv1_2_MINOR;
+            ssl->options.tls1_3 = 0;
 
 #ifdef WOLFSSL_DTLS13
             if (ssl->options.dtls) {
@@ -5218,6 +5219,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (ssl->options.dtls) {
             ssl->chVersion.minor = DTLSv1_2_MINOR;
             ssl->version.minor = DTLSv1_2_MINOR;
+            ssl->options.tls1_3 = 0;
             ret = Dtls13ClientDoDowngrade(ssl);
             if (ret != 0)
                 return ret;
@@ -5231,6 +5233,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
             return VERSION_ERROR;
         }
 #ifndef WOLFSSL_NO_TLS12
+        ssl->options.tls1_3 = 0;
         return DoServerHello(ssl, input, inOutIdx, helloSz);
 #else
         SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);