tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 10:21:53 +08:00 · 2023-12-08 10:21:53 +08:00 · 2bef917a3c
commit 2bef917a3c
parent 177e49ad7a
1 changed files with 3 additions and 3 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1925,9 +1925,9 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl)
            MBEDTLS_SSL_DEBUG_MSG(
                1, ("TLS 1.2 not supported."));
            MBEDTLS_SSL_PEND_FATAL_ALERT(
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
-            return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+                MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION,
+                MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION);
+            return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
        }
        ssl->keep_current_message = 1;
        ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;