There is no point in sending that when min_proto_version is >= TLS1_3_VERSION.
So we set that during SSL_CTX initialization and skip adding the SCSV.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)
{
int i;
size_t totlen = 0, len, maxlen, maxverok = 0;
- int empty_reneg_info_scsv = !s->renegotiate;
+ int empty_reneg_info_scsv = !s->renegotiate
+ && (SSL_CONNECTION_IS_DTLS(s)
+ || s->min_proto_version < TLS1_3_VERSION);
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Set disabled masks for this session */