From 758e05c52ec5acb133647e69495812269ad67525 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 30 Nov 2017 15:49:08 +0000
Subject: [PATCH] Make sure we treat records written after HRR as TLSv1.3

This fixes a bug where some CCS records were written with the wrong TLS record version.

Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/4701)
---
 ssl/ssl_locl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0e45b92fb0..eec5be3f19 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -326,7 +326,8 @@
 (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
 || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
 || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
- || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+ || (s)->hello_retry_request == SSL_HRR_PENDING)

 # define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
 || (s)->s3->tmp.peer_finish_md_len == 0)
-- 
2.25.1
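Review bot: The added `(s)->hello_retry_request == SSL_HRR_PENDING` term has no comment saying why a pending HelloRetryRequest counts as TLSv1.3, so the reason lives only in the commit log while the condition list keeps growing. A short comment above the macro would carry it, for example `/* Records written after an HRR, including CCS, must be handled as TLSv1.3 */`. The macro's `# define` line sits above the hunk, so the comment belongs there rather than on the added line. Since the diffstat shows only ssl_locl.h changed, a regression test that checks the record version of a CCS written after an HRR would also be worth adding. Separately, the context line `SSL_IS_FIRST_HANDSHAKE(S)` declares `S` but expands `(s)`, so it only works where the caller's variable happens to be named `s`.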