From 2bef917a3c11090d063aa2ebd59d445e185dbdb7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Dec 2023 10:21:53 +0800 Subject: [PATCH] tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version Signed-off-by: Yanray Wang --- library/ssl_tls13_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 52d2db6e7..3baff36e7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1925,9 +1925,9 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG( 1, ("TLS 1.2 not supported.")); MBEDTLS_SSL_PEND_FATAL_ALERT( - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION, + MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION); + return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;