From 0928b00aaf82a7f36c1d1b90dd1dc57a44d6fea4 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 17 Jul 2022 15:51:06 +0000
Subject: [PATCH] Disable TLSv1.3 middlebox compatibility mode for QUIC
 connections.

This is required by RFC 9001.

ok tb@
---
 lib/libssl/tls13_lib.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c
index 8b8ea7f01b0..6522c104d63 100644
--- a/lib/libssl/tls13_lib.c
+++ b/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.64 2022/07/17 15:49:20 jsing Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.65 2022/07/17 15:51:06 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -401,7 +401,8 @@ tls13_ctx_new(int mode, SSL *ssl)
 	ctx->info_cb = tls13_legacy_info_cb;
 	ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
 
-	ctx->middlebox_compat = 1;
+	if (!SSL_is_quic(ssl))
+		ctx->middlebox_compat = 1;
 
 	ssl->internal->tls13 = ctx;
 
-- 
2.20.1