From 58aab36b6effb0f47c14263c236ea6cdb360a78f Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@cloudflare.com>
Date: Mon, 16 Jan 2017 12:50:54 +0000
Subject: [PATCH] crypto/tls: use negotiated version for fallback check

BoGo: FallbackSCSV-VersionMatch-TLS13
---
 handshake_server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handshake_server.go b/handshake_server.go
index c725384..c6427b2 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -350,7 +350,7 @@ Curves:
 	for _, id := range hs.clientHello.cipherSuites {
 		if id == TLS_FALLBACK_SCSV {
 			// The client is doing a fallback connection.
-			if hs.clientHello.vers < c.config.maxVersion() {
+			if c.vers < c.config.maxVersion() {
 				c.sendAlert(alertInappropriateFallback)
 				return false, errors.New("tls: client using inappropriate protocol fallback")
 			}