From 4473e9335e8c56832720d1a5a8f929cc5799ea02 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Fri, 1 Oct 2021 09:17:59 +1000
Subject: [PATCH] TLS 1.3: Check min downgrade when no extensions in
 ServerHello

TLS 1.3 ServerHello must have extensions, so server attempting to
downgrade, but min downgrade was not checked in that case.
---
 src/tls13.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/tls13.c b/src/tls13.c
index 71e725a38..ae8a24408 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3489,6 +3489,13 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         ssl->version.minor = TLSv1_2_MINOR;
 #endif
         ssl->options.haveEMS = 0;
+        if (args->pv.minor < ssl->options.minDowngrade)
+            return VERSION_ERROR;
+#ifndef WOLFSSL_NO_TLS12
+        return DoServerHello(ssl, input, inOutIdx, helloSz);
+#else
+        return VERSION_ERROR;
+#endif
     }
 
     if ((args->idx - args->begin) < helloSz) {