From 1eef26bd8924058b9ba0e52786b6afab80db23a9 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Fri, 21 Apr 2023 17:19:27 +0200
Subject: [PATCH] Do not send the empty renegotiation info SCSV in QUIC

There is no point in sending that when min_proto_version is >= TLS1_3_VERSION. So we set that during SSL_CTX initialization and skip adding the SCSV.

Reviewed-by: Matt Caswell
Reviewed-by: Todd Short
(Merged from https://github.com/openssl/openssl/pull/20764)
---
 ssl/statem/statem_clnt.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 1e333194130..e7a0d8ccfdc 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -4027,7 +4027,9 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk,
 {
     int i;
     size_t totlen = 0, len, maxlen, maxverok = 0;
-    int empty_reneg_info_scsv = !s->renegotiate;
+    int empty_reneg_info_scsv = !s->renegotiate
+        && (SSL_CONNECTION_IS_DTLS(s)
+            || s->min_proto_version < TLS1_3_VERSION);
     SSL *ssl = SSL_CONNECTION_GET_SSL(s);
 
     /* Set disabled masks for this session */
-- 
2.47.2
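Review bot: The new `empty_reneg_info_scsv` initializer hinges on a bare numeric version comparison whose DTLS clause is not self-explanatory, so the added lines should carry a why-comment such as `/* The RFC 5746 SCSV only matters below TLS 1.3; DTLS version numbers compare numerically above TLS1_3_VERSION, so DTLS is kept explicitly */`. The commit message says QUIC raises min_proto_version during SSL_CTX initialization, but this one-file patch does not contain that change, so the suppression only takes effect if that setter lands elsewhere and ought to be confirmed against the QUIC context code. An unset min_proto_version of 0 still satisfies the `< TLS1_3_VERSION` test and keeps sending the SCSV, which is the conservative default for connections that may still negotiate TLS 1.2. ssl_cipher_list_to_bytes continues past the end of the hunk.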