tls: Include TLS version announced in Client Hello in encrypted premaster
authorMartin Willi <martin@revosec.ch>
Tue, 25 Mar 2014 09:50:51 +0000 (10:50 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 31 Mar 2014 14:07:53 +0000 (16:07 +0200)
While a hardcoded 1.2 version is fine when we offer that in Client Hello, we
should include the actually offered version if it has been reduced before
starting the exchange.

src/libtls/tls_peer.c

index b429da3004c1f5993e665638a8ffba8cf2393236..a95b40f55f83a868fbd33e74df8c47d7784fba3b 100644 (file)
@@ -79,6 +79,11 @@ struct private_tls_peer_t {
         */
        peer_state_t state;
 
+       /**
+        * TLS version we offered in hello
+        */
+       tls_version_t hello_version;
+
        /**
         * Hello random data selected by client
         */
@@ -724,6 +729,7 @@ static status_t send_client_hello(private_tls_peer_t *this,
 
        /* TLS version */
        version = this->tls->get_version(this->tls);
+       this->hello_version = version;
        writer->write_uint16(writer, version);
        writer->write_data(writer, chunk_from_thing(this->client_random));
 
@@ -917,7 +923,7 @@ static status_t send_key_exchange_encrypt(private_tls_peer_t *this,
                return NEED_MORE;
        }
        rng->destroy(rng);
-       htoun16(premaster, TLS_1_2);
+       htoun16(premaster, this->hello_version);
 
        if (!this->crypto->derive_secrets(this->crypto, chunk_from_thing(premaster),
                                                                          this->session, this->server,
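Review bot: The line `htoun16(premaster, this->hello_version);` has no comment saying why the offered version is written rather than the negotiated one, which is the security-relevant part of this change: the server compares these two bytes with the Client Hello version to detect a version rollback (RFC 5246, section 7.4.7.1). I would add `/* client_version as offered in Client Hello, checked by the server against rollback (RFC 5246 7.4.7.1) */` above it, and a matching remark at `this->hello_version = version;` in send_client_hello, so the cached field is not later replaced by a `get_version()` call, which presumably returns the negotiated version by then. The field is only assigned in send_client_hello, so this code relies on the state machine always sending the hello first; otherwise the premaster would carry whatever value the field was initialised to. send_key_exchange_encrypt starts and ends outside the hunk, so whether `premaster` is wiped from the stack after `derive_secrets()` cannot be seen here and is worth confirming.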