From acfd98748b42a7fde7af1ce49b6afc84b1c861ed Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 22 Apr 2024 10:46:32 +0100
Subject: [PATCH] squash! Update tls state machine logic to support dtls1.3
 alongside tls1.3

Updated the logic in ssl_cipher_list_to_bytes to take account of the changes
from PR#24161
---
 ssl/statem/statem_clnt.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 026c72673ae61..4c0982cbc4053 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -4067,11 +4067,9 @@ int ssl_cipher_list_to_bytes(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *sk,
 {
     int i;
     size_t totlen = 0, len, maxlen, maxverok = 0;
-    int min_proto_version_limit = SSL_CONNECTION_IS_DTLS(s)
-                                  ? DTLS1_3_VERSION : TLS1_3_VERSION;
     int empty_reneg_info_scsv = !s->renegotiate
-                                && (ssl_version_cmp(s, s->min_proto_version, min_proto_version_limit) < 0
-                                    || s->min_proto_version == 0);
+                                && (SSL_CONNECTION_IS_DTLS(s)
+                                    || s->min_proto_version < TLS1_3_VERSION);
     SSL *ssl = SSL_CONNECTION_GET_SSL(s);
 
     /* Set disabled masks for this session */