[tls] Always send maximum supported version in ClientHello

Always send the maximum supported version in our ClientHello message, even when performing renegotiation (in which case the current version may already be lower than the maximum supported version). This is permitted by the specification, and allows the ClientHello to be reconstructed verbatim at the point of selecting the handshake digest algorithm in tls_new_server_hello(). Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-02-09 07:10:39 +03:00 · 2022-11-09 14:01:15 +00:00
parent 54d83e92f0
commit 51ecc05490
1 changed files with 1 additions and 1 deletions
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1134,7 +1134,7 @@ static int tls_send_client_hello ( struct tls_connection *tls ) {
 	hello.type_length = ( cpu_to_le32 ( TLS_CLIENT_HELLO ) |
 			      htonl ( sizeof ( hello ) -
 				      sizeof ( hello.type_length ) ) );
-	hello.version = htons ( tls->version );
+	hello.version = htons ( TLS_VERSION_MAX );
 	memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
 	hello.session_id_len = tls->session_id_len;
 	memcpy ( hello.session_id, tls->session_id,