From 78ef7409995b053f21ee4333facae94cce57ff3e Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen
Date: Tue, 12 Dec 2023 12:58:01 +0100
Subject: [PATCH] Remove redundant logic for DTLS server version selection

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/22989)
---
 ssl/statem/statem_srvr.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0f700dda4..da77c16e6b 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1734,16 +1734,9 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s)
 /* SSLv3/TLS */
 s->client_version = clienthello->legacy_version;
 }
- /*
- * Do SSL/TLS version negotiation if applicable.
- */
- if (SSL_CONNECTION_IS_DTLS(s)
- && ssl->method->version != DTLS_ANY_VERSION
- && DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
- protverr = SSL_R_VERSION_TOO_LOW;
- } else {
- protverr = ssl_choose_server_version(s, clienthello, &dgrd);
- }
+
+ /* Choose the server SSL/TLS/DTLS version. */
+ protverr = ssl_choose_server_version(s, clienthello, &dgrd);
 
 if (protverr) {
 if (SSL_IS_FIRST_HANDSHAKE(s)) {
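Review bot: With the DTLS branch removed, refusing a ClientHello whose `legacy_version` is below `s->version` on a fixed-version DTLS method (`ssl->method->version != DTLS_ANY_VERSION`) now depends entirely on `ssl_choose_server_version()`, whose body is not in this hunk. Since this is the server's guard against negotiating a lower DTLS version than configured, a handshake test using a fixed-version DTLS method and a lower offered version should confirm the connection is still refused. That test would also show whether the reported reason is still `SSL_R_VERSION_TOO_LOW`; if the helper returns a different reason code, anything keyed on the old one (tests, log matching) would see a change. The new comment could record the dependency, e.g. `/* Choose the server SSL/TLS/DTLS version; this also rejects a too-low client version for fixed-version DTLS methods. */`. `tls_early_post_process_client_hello` starts and ends outside the hunk.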