tls13: srv: Move TLS version setting
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index bd27eaf..b2166d2 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1291,17 +1291,6 @@
}
p += 2;
- /*
- * Only support TLS 1.3 currently, temporarily set the version.
- */
- ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- /* Store minor version for later use with ticket serialization. */
- ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
- ssl->session_negotiate->endpoint = ssl->conf->endpoint;
-#endif
-
/* ...
* Random random;
* ...
@@ -1373,6 +1362,17 @@
p, cipher_suites_len);
/*
+ * Only support TLS 1.3 currently, temporarily set the version.
+ */
+ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ /* Store minor version for later use with ticket serialization. */
+ ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ ssl->session_negotiate->endpoint = ssl->conf->endpoint;
+#endif
+
+ /*
* Search for a matching ciphersuite
*/
for (; p < cipher_suites_end; p += 2) {