/* * ssl_set_client_hello_version - Work out what version we should be using for * the initial ClientHello. * * @s: client SSL handle. * * Returns 0 on success or an SSL error reason number on failure. */ int ssl_set_client_hello_version(SSL *s) { int ver_min, ver_max, ret; ret = ssl_get_client_min_max_version(s, &ver_min, &ver_max); if (ret != 0) return ret; s->client_version = s->version = ver_max; return 0; }
int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx, int *al) { int currv, min_version, max_version, reason; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u8(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); return 0; } reason = ssl_get_client_min_max_version(s, &min_version, &max_version); if (reason != 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason); return 0; } /* * TODO(TLS1.3): There is some discussion on the TLS list as to wheter * we should include versions <TLS1.2. For the moment we do. To be * reviewed later. */ for (currv = max_version; currv >= min_version; currv--) { /* TODO(TLS1.3): Remove this first if clause prior to release!! */ if (currv == TLS1_3_VERSION) { if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); return 0; } } else if (!WPACKET_put_bytes_u16(pkt, currv)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); return 0; } } if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); return 0; } return 1; }
/* * ssl_set_client_hello_version - Work out what version we should be using for * the initial ClientHello.legacy_version field. * * @s: client SSL handle. * * Returns 0 on success or an SSL error reason number on failure. */ int ssl_set_client_hello_version(SSL *s) { int ver_min, ver_max, ret; ret = ssl_get_client_min_max_version(s, &ver_min, &ver_max); if (ret != 0) return ret; s->version = ver_max; /* TLS1.3 always uses TLS1.2 in the legacy_version field */ if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION) ver_max = TLS1_2_VERSION; s->client_version = ver_max; return 0; }