Merge pull request #4482 from miyazakh/mindowngarde_staticrsa

TLS 1.3: ServerHello downgrade with no extensions fix
2021-10-20 07:58:34 +10:00
parent 7447a567e1 91cd2b1731
commit 93f033823c
1 changed files with 2 additions and 0 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -3486,6 +3486,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        if (!ssl->options.downgrade)
            return BUFFER_ERROR;
 #ifndef WOLFSSL_NO_TLS12
+        /* Force client hello version 1.2 to work for static RSA. */
+        ssl->chVersion.minor = TLSv1_2_MINOR;
        ssl->version.minor = TLSv1_2_MINOR;
 #endif
        ssl->options.haveEMS = 0;