tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7d526a7..d649266 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1605,19 +1605,21 @@
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- /** Server: Negotiated TLS protocol version.
- * Client: Maximum TLS version to be negotiated, then negotiated TLS
- * version.
+ /**
+ * Maximum TLS version to be negotiated, then negotiated TLS version.
*
- * It is initialized as the maximum TLS version to be negotiated in the
- * ClientHello writing preparation stage and used throughout the
- * ClientHello writing. For a fresh handshake not linked to any previous
- * handshake, it is initialized to the configured maximum TLS version
- * to be negotiated. When renegotiating or resuming a session, it is
- * initialized to the previously negotiated TLS version.
+ * It is initialized as the configured maximum TLS version to be
+ * negotiated by mbedtls_ssl_setup().
*
- * Updated to the negotiated TLS version as soon as the ServerHello is
- * received.
+ * When renegotiating or resuming a session, it is overwritten in the
+ * ClientHello writing preparation stage with the previously negotiated
+ * TLS version.
+ *
+ * On client side, updated to the TLS version selected by the server for
+ * the handshake when the ServerHello is received.
+ *
+ * On server side, updated to the TLS version the server selects for the
+ * handshake when the ClientHello is received.
*/
mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
diff --git a/library/ssl_client.c b/library/ssl_client.c
index ea64b21..eb52e70 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -769,7 +769,6 @@
ssl->tls_version = session_negotiate->tls_version;
ssl->handshake->min_tls_version = ssl->tls_version;
} else {
- ssl->tls_version = ssl->conf->max_tls_version;
ssl->handshake->min_tls_version = ssl->conf->min_tls_version;
}
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ad019b1..6a7fa96 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1393,6 +1393,7 @@
if ((ret = ssl_conf_check(ssl)) != 0) {
return ret;
}
+ ssl->tls_version = ssl->conf->max_tls_version;
/*
* Prepare base structures
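Review bot: The added `ssl->tls_version = ssl->conf->max_tls_version;` runs only once per context, in mbedtls_ssl_setup(), while the ssl_client.c hunk removes the assignment that reset the field at the start of every fresh client handshake. If a context is reused through a session-reset path (not visible in this diff) without another call to setup, tls_version would presumably still hold the version negotiated on the previous connection. A fresh ClientHello could then offer a lower maximum than the configured one, which is a silent protocol-version downgrade. Either repeat the assignment in the reset routine or confirm it is already done there, and extend the ssl.h comment with a line such as `* It is reset to the configured maximum TLS version on session reset.` once that holds. The enclosing function starts and ends outside the hunk.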