From f735cf1f0fc3df98957b52cbd9ef6d512b6f34eb Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Wed, 30 Mar 2022 19:51:43 +0200
Subject: [PATCH] ssl_tls.c: Fix ciphersuite selection regarding protocol
 version

Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 library/ssl_client.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/library/ssl_client.c b/library/ssl_client.c
index d9fd375f5e..610e6a4f19 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -431,9 +431,11 @@ static int ssl_validate_ciphersuite(
     if( suite_info == NULL )
         return( 1 );
 
-    if( ( suite_info->min_minor_ver > ssl->conf->max_minor_ver ) ||
-        ( suite_info->max_minor_ver < ssl->conf->min_minor_ver ) )
+    if( ( suite_info->min_minor_ver > ssl->minor_ver ) ||
+        ( suite_info->max_minor_ver < ssl->handshake->min_minor_ver ) )
+    {
         return( 1 );
+    }
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)