commit 3bd2b02486275022512b7c5c4899227b5979e40c
author Ronald Cron <ronald.cron@arm.com> Mon Apr 03 16:45:39 2023 +0200
committer Ronald Cron <ronald.cron@arm.com> Thu Apr 06 10:26:18 2023 +0200
tree e0a816e1061d4b8001fca44c645ec7aedc721579
parent b828c7d3de14dff05b4ce6a050f79b3d810e18e7

Check for TLS 1.3 version first

Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 4ed332f..dbd9a52 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -751,13 +751,13 @@
         tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport);
         p += 2;
 
-        if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
-            mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
+        if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
             found_supported_version = 1;
             break;
         }
 
-        if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
+        if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
+            mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
             found_supported_version = 1;
             break;
         }