From db9ffcdcea20c3746214a4b1365edbc56971f84d Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Thu, 19 Mar 2026 00:17:14 -0600
Subject: [PATCH] disable resumption if downgrading from Tlsv13 to Tls12 or earlier
---
 src/tls13.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/tls13.c b/src/tls13.c
index 27d1ec0c3fa..047645c3621 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5275,6 +5275,12 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 }
 #endif /* WOLFSSL_DTLS13 */
+ if (ssl->options.resuming) {
+ WOLFSSL_MSG("Attempted resumption: negotiated version"
+ " downgraded from TLS 1.3, falling back to full handshake");
+ ssl->options.resuming = 0;
+ }
+
 return DoServerHello(ssl, input, inOutIdx, helloSz);
 }
 }
@@ -5391,6 +5397,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 }
 #ifndef WOLFSSL_NO_TLS12
 ssl->options.tls1_3 = 0;
+ if (ssl->options.resuming) {
+ WOLFSSL_MSG("Attempted resumption: negotiated version"
+ " downgraded from TLS 1.3, falling back to full handshake");
+ ssl->options.resuming = 0;
+ }
 return DoServerHello(ssl, input, inOutIdx, helloSz);
 #else
 SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);
@@ -5562,6 +5573,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 else
 ssl->chVersion.minor = TLSv1_2_MINOR;
 /* Complete TLS v1.2 processing of ServerHello. */
+ if (ssl->options.resuming) {
+ WOLFSSL_MSG("Attempted resumption negotiated version"
+ " downgraded from TLS 1.3, falling back to full handshake");
+ ssl->options.resuming = 0;
+ }
 ret = DoServerHello(ssl, input, inOutIdx, helloSz);
 #else
 WOLFSSL_MSG("Client using higher version, fatal error");
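Review bot: The added `if (ssl->options.resuming)` block clears the flag on every downgrade, whether or not the session being offered was established under TLS 1.3, and the same unconditional reset is repeated in the hunks at -5391 and -5562. If a version-flexible client holds a TLS 1.2 session and the server legitimately resumes it, the client would presumably skip the resumption path in `DoServerHello` (not visible here) and wait for a full handshake while the server sends an abbreviated one, so the connection may fail instead of falling back. Consider narrowing the condition to the case the commit title describes, e.g. `if (ssl->options.resuming && cached_session_is_tls13) {`, where `cached_session_is_tls13` is a placeholder for a check on the stored session's protocol version. The patch touches only `src/tls13.c`; a regression test for both cases (a TLS 1.3 session offered to a server that answers with TLS 1.2, and a TLS 1.2 session resumed by a downgrade-capable client) would pin the intended behaviour. The enclosing function starts and ends outside the hunk.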
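Review bot: The log string in this third copy reads `"Attempted resumption negotiated version"` and lacks the colon used in the other two hunks, so the three messages no longer match in a log search; it should read `WOLFSSL_MSG("Attempted resumption: negotiated version"`. The same five lines now appear three times in `DoTls13ServerHello`, and a small `static` helper called before each `DoServerHello` would keep the message and the reset in one place. The block is also inserted between the `/* Complete TLS v1.2 processing of ServerHello. */` comment and the `ret = DoServerHello(...)` call it describes; placing it above that comment keeps the comment attached to its statement.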