[tls] Always send maximum supported version in ClientHello

Always send the maximum supported version in our ClientHello message,
even when performing renegotiation (in which case the current version
may already be lower than the maximum supported version).

This is permitted by the specification, and allows the ClientHello to
be reconstructed verbatim at the point of selecting the handshake
digest algorithm in tls_new_server_hello().

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/net/tls.c b/src/net/tls.c
index 0e3e68b6b1122196eda55849a07bb9fa102fe4b0..af310a58f185e78e2ad9b929712941486a535303 100644 (file)
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1134,7 +1134,7 @@ static int tls_send_client_hello ( struct tls_connection *tls ) {
        hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
                              htonl ( sizeof ( hello ) -
                                      sizeof ( hello.type_length ) ) );
-       hello.version = htons ( tls->version );
+       hello.version = htons ( TLS_VERSION_MAX );
        memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
        hello.session_id_len = tls->session_id_len;
        memcpy ( hello.session_id, tls->session_id,