c->mask_a = 0;
c->mask_k = 0;
/* If less than TLS 1.2 don't allow TLS 1.2 only ciphers */
- if (TLS1_get_version(s) < TLS1_2_VERSION)
+ if (TLS1_get_client_version(s) < TLS1_2_VERSION)
c->mask_ssl = SSL_TLSV1_2;
else
c->mask_ssl = 0;
const unsigned short ext_len = 2;
const unsigned char list_len = 1;
- if ((lenmax = limit - ret - 6) < 0) return NULL;
+ if (limit < ret + 6)
+ return NULL;
+ lenmax = limit - ret - 6;
s2n(TLSEXT_TYPE_server_authz, ret);
/* Extension length: 2 bytes */