TLS: Choose the max version supported by the client, not first. This change is based on interpreting TLS 1.3 draft 18. Change-Id: I727961aff2f7318bcbbc8bf6d62b7d6ad3e62da9 Reviewed-on: https://boringssl-review.googlesource.com/11921 Reviewed-by: David Benjamin <davidben@google.com>

commit: f85d323114e024abdba626f1de5a73b9f0062da9 [log] [tgz]
author: Brian Smith <brian@briansmith.org> Fri Oct 28 10:34:06 2016 -1000
committer: David Benjamin <davidben@google.com> Mon Oct 31 19:39:20 2016 +0000
tree: 3ab4964853b1e98a4c8df5ccfbbc6b816fe7a681
parent: 6f733791148cf8a076bf0e95498235aadbe5926d [diff] [blame]
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 8db9bee..9200b85 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c

@@ -578,6 +578,9 @@
       return 0;
     }
 
+    /* Choose the newest commonly-supported version advertised by the client.
+     * The client orders the versions according to its preferences, but we're
+     * not required to honor the client's preferences. */
     int found_version = 0;
     while (CBS_len(&versions) != 0) {
       uint16_t ext_version;
@@ -590,10 +593,10 @@
         continue;
       }
       if (min_version <= ext_version &&
-          ext_version <= max_version) {
+          ext_version <= max_version &&
+          (!found_version || version < ext_version)) {
         version = ext_version;
         found_version = 1;
-        break;
       }
     }
commit	f85d323114e024abdba626f1de5a73b9f0062da9	[log] [tgz]
author	Brian Smith <brian@briansmith.org>	Fri Oct 28 10:34:06 2016 -1000
committer	David Benjamin <davidben@google.com>	Mon Oct 31 19:39:20 2016 +0000
tree	3ab4964853b1e98a4c8df5ccfbbc6b816fe7a681
parent	6f733791148cf8a076bf0e95498235aadbe5926d [diff] [blame]