From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 21 Apr 2023 15:21:21 +0000 (+0200)
Subject: Copy min/max_proto_version from SSL_CTX to SSL only for the same method types
X-Git-Tag: openssl-3.2.0-alpha1~922
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=4f373a9773efa63fdb73f3972f13ab78b9342b70

Copy min/max_proto_version from SSL_CTX to SSL only for the same method types

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20764)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index eac7fd659e..9b54357630 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -747,8 +747,10 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method)
 
     s->options = ctx->options;
     s->dane.flags = ctx->dane.flags;
-    s->min_proto_version = ctx->min_proto_version;
-    s->max_proto_version = ctx->max_proto_version;
+    if (method->version == ctx->method->version) {
+        s->min_proto_version = ctx->min_proto_version;
+        s->max_proto_version = ctx->max_proto_version;
+    }
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
     s->max_early_data = ctx->max_early_data;