Merge pull request #7840 from mrdeep1/dtls_downgrade

Support DTLS1.3 downgrade when server sends multiple handshakes in packet
2025-07-31 19:24:42 +02:00 · 2024-08-09 15:22:46 -05:00
parent 0d952c3343 bcbd701155
commit d351430222
1 changed files with 8 additions and 0 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -13086,6 +13086,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
        case HELLO_AGAIN_REPLY:
            /* Get the response/s from the server. */
            while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) {
+#ifdef WOLFSSL_DTLS13
+                if (!IsAtLeastTLSv1_3(ssl->version)) {
+        #ifndef WOLFSSL_NO_TLS12
+                    if (ssl->options.downgrade)
+                        return wolfSSL_connect(ssl);
+        #endif
+                }
+#endif /* WOLFSSL_DTLS13 */
                if ((ssl->error = ProcessReply(ssl)) < 0) {
                        WOLFSSL_ERROR(ssl->error);
                        return WOLFSSL_FATAL_ERROR;