From 2d729db2f0c047e64c580342f6fba0d99b2ada50 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 7 Nov 2017 16:04:35 +0000
Subject: [PATCH] Send TLSv1.2 as the record version when using TLSv1.3

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
---
 ssl/record/rec_layer_s3.c          | 3 ++-
 test/recipes/70-test_sslversions.t | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 5f01b04139..5b0d2d6e19 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -816,7 +816,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
     /* Clear our SSL3_RECORD structures */
     memset(wr, 0, sizeof(wr));
     for (j = 0; j < numpipes; j++) {
-        unsigned int version = SSL_TREAT_AS_TLS13(s) ? TLS1_VERSION : s->version;
+        unsigned int version = SSL_TREAT_AS_TLS13(s) ? TLS1_2_VERSION
+                                                     : s->version;
         unsigned char *compressdata = NULL;
         size_t maxcomplen;
         unsigned int rectype;
diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t
index 1f3db22478..6044a05954 100644
--- a/test/recipes/70-test_sslversions.t
+++ b/test/recipes/70-test_sslversions.t
@@ -87,7 +87,7 @@ $testtype = REVERSE_ORDER_VERSIONS;
 $proxy->start();
 $record = pop @{$proxy->record_list};
 ok(TLSProxy::Message->success()
-   && $record->version() == TLSProxy::Record::VERS_TLS_1_0
+   && $record->version() == TLSProxy::Record::VERS_TLS_1_2
    && TLSProxy::Proxy->is_tls13(),
    "Reverse order versions");
 
@@ -107,7 +107,7 @@ $testtype = WITH_TLS1_4;
 $proxy->start();
 $record = pop @{$proxy->record_list};
 ok(TLSProxy::Message->success()
-   && $record->version() == TLSProxy::Record::VERS_TLS_1_0
+   && $record->version() == TLSProxy::Record::VERS_TLS_1_2
    && TLSProxy::Proxy->is_tls13(),
    "TLS1.4 in supported versions extension");
 
-- 
2.25.1