From 4f373a9773efa63fdb73f3972f13ab78b9342b70 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 21 Apr 2023 17:21:21 +0200
Subject: [PATCH] Copy min/max_proto_version from SSL_CTX to SSL only for the
 same method types

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)
---
 ssl/ssl_lib.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index eac7fd659e4..9b543576302 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -747,8 +747,10 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
 
     s->options = ctx->options;
     s->dane.flags = ctx->dane.flags;
-    s->min_proto_version = ctx->min_proto_version;
-    s->max_proto_version = ctx->max_proto_version;
+    if (method->version == ctx->method->version) {
+        s->min_proto_version = ctx->min_proto_version;
+        s->max_proto_version = ctx->max_proto_version;
+    }
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
     s->max_early_data = ctx->max_early_data;
-- 
2.47.2