projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add client side support for parsing Hello Retry Request
[oweals/openssl.git] / ssl / statem / statem_lib.c
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 13174abb1703ef0068d38c110bc9df7b3023254e..c3dd31a9adf3c72975aac1d32340ee69b14f6d9c 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1595,6 +1595,9 @@ int ssl_choose_client_version(SSL *s, int version)
             continue;
         if (vent->cmeth == NULL)
             break;
+        if (s->hello_retry_request && version != TLS1_3_VERSION)
+            return SSL_R_WRONG_SSL_VERSION;
+
         method = vent->cmeth();
         err = ssl_method_error(s, method);
         if (err != 0)
Unnamed repository; edit this file 'description' to name the repository.