From dee74e98dd93d1e0eefd0e1ca14f4dd12ed6a568 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Fri, 2 Mar 2018 09:56:03 +1000
Subject: [PATCH] Fix downgrading when WOLFSSL_TLS13 is defined (despite NO_OLD_TLS being defined)
---
 src/tls.c | 4 ++--
 src/tls13.c | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/tls.c b/src/tls.c
index c6bf6cdc2..f30261d19 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -9008,7 +9008,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 InitSSL_Method(method, MakeTLSv1_1());
 #endif
 #endif
-#ifndef NO_OLD_TLS
+#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
 method->downgrade = 1;
 #endif
 }
@@ -9132,7 +9132,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
 #endif
 #endif
-#ifndef NO_OLD_TLS
+#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
 method->downgrade = 1;
 #endif
 method->side = WOLFSSL_SERVER_END;
diff --git a/src/tls13.c b/src/tls13.c
index 0b80cd5f9..d21b23d70 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3622,7 +3622,8 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS) == NULL) {
 if (!ssl->options.downgrade) {
- WOLFSSL_MSG("Client trying to connect with lesser version");
+ WOLFSSL_MSG("Client trying to connect with lesser version than "
+ "TLS v1.3");
 return VERSION_ERROR;
 }
 ssl->version.minor = pv.minor;
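Review bot: The widened guard `#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)` in the -9008 hunk of src/tls.c, and the identical one in the -9132 hunk, sets `method->downgrade` for every TLS 1.3 build without recording which lower version is meant to stay reachable. A one-line comment above each guard, for example `/* TLS 1.3 builds may still fall back to TLS 1.2; NO_OLD_TLS only removes the versions below it */`, would document the intent, assuming TLS 1.2 is the intended floor. The condition also holds when no lower version is compiled in, so it is worth confirming that a TLS 1.3-only configuration does not end up with downgrade set. Both enclosing functions start and end outside the hunks.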
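Review bot: `ssl->version.minor = pv.minor;` at the end of the src/tls13.c hunk takes the client's version as-is once `ssl->options.downgrade` is set, and no lower bound on `pv.minor` is visible here. Because this commit now sets downgrade in NO_OLD_TLS builds, a ClientHello without supported_versions reaches this path in builds meant to exclude old protocol versions. Unless the rest of DoTls13ClientHello, which continues outside the hunk, or its caller already enforces a floor, a check such as `if (pv.minor < ssl->options.minDowngrade) return VERSION_ERROR;` before the assignment would keep the negotiated version at or above the configured minimum.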