+ ciphers = SSL_CTX_get_ciphers(cctx);
+ if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) {
+ printf("Unexpected ciphers set\n");
+ goto end;
+ }
+ currcipher = sk_SSL_CIPHER_value(ciphers, 0);
+ if (currcipher == NULL) {
+ printf("Failed getting the current cipher\n");
+ goto end;
+ }
+
+ /*
+ * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
+ * TLSv1.3. Version negotiation happens before cipher selection, so we will
+ * get a "no shared cipher" error.
+ */
+ if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
+ if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
+ printf("Failed setting max protocol version\n");
+ goto end;
+ }
+ }
+