ssl_client.c: Adapt initial version selection to TLS 1.2 case

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-02-18 17:45:10 +01:00
parent 5456a7f89c
commit 86a477f5ee
2 changed files with 26 additions and 4 deletions

View File

@ -218,10 +218,6 @@ static int ssl_write_client_hello_body( mbedtls_ssl_context *ssl,
*out_len = 0;
/* No validation needed here. It has been done by ssl_conf_check() */
ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver;
/*
* Write legacy_version
* ProtocolVersion legacy_version = 0x0303; // TLS v1.2
@ -359,6 +355,29 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_NO_RNG );
}
/* Bet on the highest configured version if we are not in a TLS 1.2
* renegotiation or session resumption.
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
ssl->handshake->min_minor_ver = ssl->minor_ver;
else
#endif
{
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
if( ssl->handshake->resume )
{
ssl->minor_ver = ssl->session_negotiate->minor_ver;
ssl->handshake->min_minor_ver = ssl->minor_ver;
}
else
{
ssl->minor_ver = ssl->conf->max_minor_ver;
ssl->handshake->min_minor_ver = ssl->conf->min_minor_ver;
}
}
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
ssl->handshake->randbytes,
MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 )

View File

@ -542,6 +542,9 @@ struct mbedtls_ssl_handshake_params
uint8_t resume; /*!< session resume indicator*/
uint8_t cli_exts; /*!< client extension presence*/
/*!< Minimum minor version to be negotiated. */
unsigned char min_minor_ver;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
uint8_t sni_authmode; /*!< authmode from SNI callback */
#endif