From 3bd2b02486275022512b7c5c4899227b5979e40c Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 3 Apr 2023 16:45:39 +0200
Subject: [PATCH] Check for TLS 1.3 version first

Check for TLS 1.3 version first when parsing the supported versions extension as it is the most likely version.

Signed-off-by: Ronald Cron
---
 library/ssl_tls13_server.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 4ed332f59..dbd9a52b3 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -751,13 +751,13 @@ static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl,
 tls_version = mbedtls_ssl_read_version(p, ssl->conf->transport);
 p += 2;
- if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
- mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
+ if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
 found_supported_version = 1;
 break;
 }
- if (MBEDTLS_SSL_VERSION_TLS1_3 == tls_version) {
+ if ((MBEDTLS_SSL_VERSION_TLS1_2 == tls_version) &&
+ mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) {
 found_supported_version = 1;
 break;
 }
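Review bot: The two tests are mutually exclusive on a single `tls_version` value, so swapping them cannot change which version is negotiated; the loop still stops at the first entry of the client's list that the server accepts, and a reader could mistake the new order for a server-side preference for TLS 1.3. A comment above the first `if` would make that explicit, e.g. `/* Test order is an optimisation only: the first acceptable entry in the client's list wins. */`. The TLS 1.3 branch also has no configuration gate while the TLS 1.2 branch calls `mbedtls_ssl_conf_is_tls12_enabled()`; presumably this parser is only reached when TLS 1.3 is enabled, but that asymmetry deserves a one-line comment too. The loop header and the code that consumes `found_supported_version` are outside the hunk, so this is inferred from the visible lines only.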