authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-18 09:23:53 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-11 16:57:05 +0200
commitd519a628f4aa32fc64afc7e18a0d4b1130a8df6f (patch)
tree7f20641ad2414884f5b21f270d3298c3f0d3bdb0
parente82d150ee1ba5c967dc749ce8a927570b276917d (diff)
handshake: always accept TLS 1.2 in client hello if we have later protocols enabled
That is because, starting with TLS 1.3, the protocol version is no longer negotiated through the version field of the Client Hello but through a dedicated extension (supported_versions); a client that supports TLS 1.3 or later therefore always places TLS 1.2 in the Client Hello's legacy version field, so that value must be accepted whenever a later protocol is enabled. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/handshake.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 3a9480c24c..8ed442b897 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -365,8 +365,19 @@ _gnutls_negotiate_legacy_version(gnutls_session_t session,
{
const version_entry_st *vers;
- /* if we do not support that version */
+ /* if we do not support that version, unless that version is TLS 1.2;
+ * TLS 1.2 is handled separately because it is always advertized under TLS 1.3 or later */
if (adv_version == GNUTLS_VERSION_UNKNOWN || _gnutls_version_is_supported(session, adv_version) == 0) {
+
+ if (adv_version == GNUTLS_TLS1_2) {
+ vers = _gnutls_version_max(session);
+ if (vers->id >= GNUTLS_TLS1_2) {
+ if (_gnutls_set_current_version(session, adv_version) < 0)
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
+ return adv_version;
+ }
+ }
+
/* if we get an unknown/unsupported version, then fail if the version we
* got is too low to be supported */
if (!_gnutls_version_is_too_high(session, major, minor))