From: Matt Caswell Date: Mon, 2 Jan 2017 11:40:16 +0000 (+0000) Subject: Always use TLSv1.0 for record layer version in TLSv1.3 X-Git-Tag: OpenSSL_1_1_1-pre1~2707 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d24c6a34ce4af11cd09aadd6a0f356cb2bd7fa4f;p=oweals%2Fopenssl.git Always use TLSv1.0 for record layer version in TLSv1.3 TLSv1.3 freezes the record layer version and ensures that it is always set to TLSv1.0. Some implementations check this. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2157) --- diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 3ffe29ad00..01e3db26cb 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -784,7 +784,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Clear our SSL3_RECORD structures */ memset(wr, 0, sizeof wr); for (j = 0; j < numpipes; j++) { - unsigned int version = s->version; + unsigned int version = SSL_IS_TLS13(s) ? TLS1_VERSION : s->version; unsigned char *compressdata = NULL; size_t maxcomplen; unsigned int rectype;