From 7cfbc598ed2c984fb99db5c9f1adf255aaa65704 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 21 Sep 2020 17:53:13 -0700
Subject: [PATCH] Fix to not assume TLS v1.3 based on extended key share extension.
---
 src/sniffer.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/sniffer.c b/src/sniffer.c
index fa27dba65..19ab310d2 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2778,6 +2778,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 session->sslServer->version.minor = input[1];
 session->sslClient->version.major = input[0];
 session->sslClient->version.minor = input[1];
+ if (IsAtLeastTLSv1_3(session->sslServer->version)) {
+ /* The server side handshake encryption is on for future packets */
+ session->flags.serverCipherOn = 1;
+ }
 break;
 case EXT_MASTER_SECRET:
 #ifdef HAVE_EXTENDED_MASTER
@@ -3131,9 +3135,6 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
 break;
 }
 XMEMCPY(session->cliKeyShare, &input[2], ksLen);
-
-
- /* The server side handshake encryption is on for future packets */
- session->flags.serverCipherOn = 1;
 break;
 }
 #ifdef HAVE_SESSION_TICKET
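Review bot: The added `if (IsAtLeastTLSv1_3(session->sslServer->version))` in ProcessServerHello sets `serverCipherOn` as soon as the two version bytes from the wire parse as TLS 1.3 or later, and a HelloRetryRequest would take the same path as far as this hunk shows. In TLS 1.3 a HelloRetryRequest is followed by a second, plaintext ServerHello, so the sniffer would presumably treat that record as encrypted and fail or desynchronise the session. If HelloRetryRequest is not filtered earlier in the function, the flag should be set only once the real ServerHello is identified. Otherwise a comment here should say so, for example `/* HelloRetryRequest never reaches this case: <where it is handled> */`. The flag is also raised mid-way through extension parsing, so a later failure in the same ServerHello leaves it set unless the caller discards the session on error. The enclosing switch and the length check guarding `input[0]`/`input[1]` lie outside the hunk.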