From de6187f599e8ba5fb5c0a66881cc6cafe1dab62f Mon Sep 17 00:00:00 2001
From: Marco Oliverio <marco@wolfssl.com>
Date: Fri, 30 Sep 2022 17:43:47 +0200
Subject: [PATCH] tls: send protocol_version fatal alert on version mismatch

see rfc5246 Appendix E
---
 src/internal.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 7cce86cf6..976239468 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -26409,8 +26409,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
         i += OPAQUE16_LEN;
 
         ret = CheckVersion(ssl, pv);
-        if (ret != 0)
+        if (ret != 0) {
+            SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);
             return ret;
+        }
 
 #ifdef WOLFSSL_TLS13
         if (IsAtLeastTLSv1_3(pv)) {