From 11dfb713e9ebb50821e428f5d0b487a5a4ca7b80 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 19 Jul 2022 16:32:38 +0200
Subject: [PATCH] openssl_compatible_default: use DTLSv1.0 as minDowngrade in DTLS
---
 src/ssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 91a452132..c481726db 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -522,7 +522,8 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
 wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
 wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 if (wolfSSL_CTX_set_min_proto_version(ctx,
- SSL3_VERSION) != WOLFSSL_SUCCESS ||
+ (method->version.major == DTLS_MAJOR) ?
+ DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||
 #ifdef HAVE_ANON
 wolfSSL_CTX_allow_anon_cipher(ctx) != WOLFSSL_SUCCESS ||
 #endif
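Review bot: The ternary passed to `wolfSSL_CTX_set_min_proto_version` has no comment saying that it deliberately picks the lowest floor for each protocol family, and both values it selects are deprecated versions (SSLv3 by RFC 7568, DTLS 1.0 by RFC 8996). Together with the `SSL_VERIFY_NONE` default on the context line above, a context built this way is permissive until the application tightens it, so I would add something like `/* compat default: lowest floor for this method family; callers should raise it and enable peer verification */` above the call. The new expression also dereferences `method->version.major`; any NULL check on `method` lies outside the hunk, so it should be confirmed that one precedes this point. It is also worth checking that `DTLS1_VERSION` and `DTLS_MAJOR` are defined in builds without DTLS support, since the added lines carry no visible guard. The body of `wolfSSL_CTX_new_ex` starts and ends outside the hunk.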