No TLS 1.3 with SNI when default context without certificate #154

@Zash

In a setup where certificates are selected via SNI and the default context has no certificate, connections are capped to TLS 1.2, despite TLS 1.3 being available.

Setting a default certificate results in TLS 1.3.

To reproduce, apply the following patch to the sni sample and run

lua server.lua &
openssl s_client -connect 127.0.0.1:8888 -servername servera.br
diff --git a/samples/sni/server.lua b/samples/sni/server.lua
index 2de6a8d..ae5f6ed 100644
--- a/samples/sni/server.lua
+++ b/samples/sni/server.lua
@@ -1,6 +1,13 @@
 local socket = require("socket")
 local ssl    = require("ssl")
 
+local params00 = {
+  mode = "server",
+  protocol = "any",
+  cafile = "../certs/rootA.pem",
+  verify = "none",
+}
+
 local params01 = {
   mode = "server",
   protocol = "any",
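Review bot: the new `params00` table is the certificate-less default context the report is about, but nothing in the hunk says that `certificate` and `key` are left out on purpose; a comment such as `-- default context: deliberately no certificate (issue repro)` above `local params00 = {` would stop a reader of the sample from copying it as a working server configuration. The `cafile` entry is not exercised by this reproduction next to `verify = "none"` and could be dropped to keep the reproducer minimal.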
@@ -24,6 +31,7 @@ local params02 = {
 }
 
 --
+local ctx00 = ssl.newcontext(params00)
 local ctx01 = ssl.newcontext(params01)
 local ctx02 = ssl.newcontext(params02)
 
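Review bot: `local ctx00 = ssl.newcontext(params00)` is not checked for failure; `ssl.newcontext` returns `nil, err` when the context cannot be built, and a nil `ctx00` would only surface later as an error from `ssl.wrap` on the default-context line. Since a certificate-less context is exactly the unusual case here, `local ctx00, err = ssl.newcontext(params00); assert(ctx00, err)` would make the reproducer fail loudly at the right place (the existing ctx01/ctx02 lines omit the check too, so this follows the sample's pre-existing style).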
@@ -36,7 +44,7 @@ local conn = server:accept()
 --
 
 -- Default context (when client does not send a name) is ctx01
-conn = ssl.wrap(conn, ctx01)
+conn = ssl.wrap(conn, ctx00)
 
 -- Configure the name map
 local sni_map = {
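Review bot: the unchanged comment `-- Default context (when client does not send a name) is ctx01` directly above the changed line is now wrong, since `conn = ssl.wrap(conn, ctx00)` makes the certificate-less ctx00 the default; update it to say ctx00 and, ideally, that a client sending no SNI now lands on a context with no certificate, so its handshake is expected to fail rather than fall back to ctx01.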

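As an added example (not part of the issue or of LuaSec), the check below extracts the protocol version that `openssl s_client` negotiated, so the TLS 1.2 versus TLS 1.3 outcome described above can be verified mechanically; it assumes `openssl` is in PATH and reuses the report's host, port and server name as defaults.

```shell
#!/bin/sh
# Added example, not the issue's or LuaSec's code: report the TLS version
# negotiated by `openssl s_client`, as used in the reproduction above.
# Assumptions: openssl in PATH; 127.0.0.1:8888 / servera.br as in the report.

# Read s_client output on stdin and print the version from its SSL-Session
# block ("Protocol  : TLSv1.3"); prints "unknown" when no such line exists.
parse_protocol() {
    proto=$(sed -n 's/^ *Protocol *: *\([A-Za-z0-9.]*\).*/\1/p' | head -n 1)
    printf '%s\n' "${proto:-unknown}"
}

# Connect the way the reproducer does and print the negotiated version.
negotiated_protocol() {
    host=${1:-127.0.0.1}; port=${2:-8888}; name=${3:-servera.br}
    openssl s_client -connect "$host:$port" -servername "$name" \
        </dev/null 2>/dev/null | parse_protocol
}

# Return 0 only when TLS 1.3 was negotiated; usable as a regression check
# after the default context has been given a certificate.
expect_tls13() {
    proto=$(negotiated_protocol "$@")
    [ "$proto" = "TLSv1.3" ] && return 0
    echo "negotiated $proto, expected TLSv1.3" >&2
    return 1
}

# Constructed s_client fragments (not captured from a real run) for an
# offline check of the parser.
SAMPLE_TLS12='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_TLS13='SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384'
```

Run `expect_tls13` against the sample server before and after applying the reporter's patch to see the capped and the expected result.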