Check for TLS 1.3 version first
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 4ed332f..dbd9a52 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -751,13 +751,13 @@
tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport);
p += 2;
- if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
- mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
+ if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
found_supported_version = 1;
break;
}
- if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
+ if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
+ mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
found_supported_version = 1;
break;
}