ssl_tls.c: Fix ciphersuite selection regarding protocol version

Use the actual minimum and maximum of the minor version to be negotiated to filter ciphersuites to propose rather than the ones from the configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-28 00:21:48 +03:00 · 2022-03-30 19:51:43 +02:00
parent 9847338429
commit f735cf1f0f
1 changed files with 4 additions and 2 deletions
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@ -431,9 +431,11 @@ static int ssl_validate_ciphersuite(
    if( suite_info == NULL )
        return( 1 );

-    if( ( suite_info->min_minor_ver > ssl->conf->max_minor_ver ) ||
-        ( suite_info->max_minor_ver < ssl->conf->min_minor_ver ) )
+    if( ( suite_info->min_minor_ver > ssl->minor_ver ) ||
+        ( suite_info->max_minor_ver < ssl->handshake->min_minor_ver ) )
+    {
        return( 1 );
+    }

 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)