tls: Initialize SSL context tls_version in mbedtls_ssl_setup()

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-04-05 06:26:52 +00:00 · 2023-03-08 15:30:43 +01:00 · 2023-03-08 15:30:43 +01:00 · 8a12aeec93
commit 8a12aeec93
parent 5af4c7f0e2
3 changed files with 14 additions and 12 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1605,19 +1605,21 @@ struct mbedtls_ssl_context {
                                                    renego_max_records is < 0           */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */

-    /** Server: Negotiated TLS protocol version.
-     *  Client: Maximum TLS version to be negotiated, then negotiated TLS
-     *          version.
+    /**
+     *  Maximum TLS version to be negotiated, then negotiated TLS version.
     *
-     *  It is initialized as the maximum TLS version to be negotiated in the
-     *  ClientHello writing preparation stage and used throughout the
-     *  ClientHello writing. For a fresh handshake not linked to any previous
-     *  handshake, it is initialized to the configured maximum TLS version
-     *  to be negotiated. When renegotiating or resuming a session, it is
-     *  initialized to the previously negotiated TLS version.
+     *  It is initialized as the configured maximum TLS version to be
+     *  negotiated by mbedtls_ssl_setup().
     *
-     *  Updated to the negotiated TLS version as soon as the ServerHello is
-     *  received.
+     *  When renegotiating or resuming a session, it is overwritten in the
+     *  ClientHello writing preparation stage with the previously negotiated
+     *  TLS version.
+     *
+     *  On client side, updated to the TLS version selected by the server for
+     *  the handshake when the ServerHello is received.
+     *
+     *  On server side, updated to the TLS version the server selects for the
+     *  handshake when the ClientHello is received.
     */
    mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);