ssl_client.c: Adapt initial version selection to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 90e9438..8ab53b5 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -218,10 +218,6 @@
*out_len = 0;
- /* No validation needed here. It has been done by ssl_conf_check() */
- ssl->major_ver = ssl->conf->min_major_ver;
- ssl->minor_ver = ssl->conf->min_minor_ver;
-
/*
* Write legacy_version
* ProtocolVersion legacy_version = 0x0303; // TLS v1.2
@@ -359,6 +355,29 @@
return( MBEDTLS_ERR_SSL_NO_RNG );
}
+ /* Bet on the highest configured version if we are not in a TLS 1.2
+ * renegotiation or session resumption.
+ */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ ssl->handshake->min_minor_ver = ssl->minor_ver;
+ else
+#endif
+ {
+ ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
+
+ if( ssl->handshake->resume )
+ {
+ ssl->minor_ver = ssl->session_negotiate->minor_ver;
+ ssl->handshake->min_minor_ver = ssl->minor_ver;
+ }
+ else
+ {
+ ssl->minor_ver = ssl->conf->max_minor_ver;
+ ssl->handshake->min_minor_ver = ssl->conf->min_minor_ver;
+ }
+ }
+
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng,
ssl->handshake->randbytes,
MBEDTLS_CLIENT_HELLO_RANDOM_LEN ) ) != 0 )