Fix mbedtls_ssl_get_version() for TLSv1.3

Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt
new file mode 100644
index 0000000..4436522
--- /dev/null
+++ b/ChangeLog.d/ssl_get_version_1_3.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 436e15c..adb18ab 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2241,7 +2241,8 @@
     {
         case MBEDTLS_SSL_MINOR_VERSION_3:
             return( "TLSv1.2" );
-
+        case MBEDTLS_SSL_MINOR_VERSION_4:
+            return( "TLSv1.3" );
         default:
             return( "unknown" );
     }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dd05716..0548c14 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9668,6 +9668,7 @@
             -c "<= parse certificate verify"          \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
             -c "<= parse finished message" \
+            -c "Protocol is TLSv1.3" \
             -c "HTTP/1.0 200 ok"
 
 requires_gnutls_tls1_3