wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

check SSL_OP_NO_TLSv1_2 in TLS 1.3 enabled client

Browse Source
This commit is contained in:
Chris Conlon
2021-10-28 16:30:02 -06:00
parent 6bb7e3900e
commit afad1374a3
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/tls13.c
View File

@ -3419,6 +3419,15 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
"TLS v1.3"); "TLS v1.3");
return VERSION_ERROR; return VERSION_ERROR;
} }
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
defined(WOLFSSL_WPAS_SMALL)
/* Check if client has disabled TLS 1.2 */
if (args->pv.minor == TLSv1_2_MINOR &&
(ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
WOLFSSL_MSG("\tOption set to not allow TLSv1.2");
return VERSION_ERROR;
}
#endif
if (args->pv.minor < ssl->options.minDowngrade) if (args->pv.minor < ssl->options.minDowngrade)
return VERSION_ERROR; return VERSION_ERROR;