From: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Tue, 26 Mar 2024 18:39:30 +0000 (+0100)
Subject: Fix wrong dtls 1 and 1.2 version check
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44bfb6aa784a63c64ad4b1373c70d9c4ae156776;p=thirdparty%2Fopenssl.git

Fix wrong dtls 1 and 1.2 version check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
---

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b24c4279af8..2fdb2eebf1d 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1970,8 +1970,9 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
     }
 
     if (!s->hit
-            && ssl_version_cmp(s, s->version, SSL_CONNECTION_IS_DTLS(s) ? DTLS1_VERSION : TLS1_VERSION) >= 0
+            && s->version >= TLS1_VERSION
             && !SSL_CONNECTION_IS_VERSION13(s)
+            && !SSL_CONNECTION_IS_DTLS(s)
             && s->ext.session_secret_cb != NULL) {
         const SSL_CIPHER *pref_cipher = NULL;
         /*