From 89bd274f446c534f59772ec72d168871db0f8d64 Mon Sep 17 00:00:00 2001
From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Thu, 18 Oct 2018 23:12:50 +0200
Subject: [PATCH] app-layer-ssl: fix JA3 bug in TLS version decoding

---
 src/app-layer-ssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 11d5ce4569..6c823da8c0 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -628,7 +628,8 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
         return -1;
     }
 
-    ssl_state->curr_connp->version = *input << 8 | *(input + 1);
+    uint16_t version = *input << 8 | *(input + 1);
+    ssl_state->curr_connp->version = version;
 
     /* TLSv1.3 draft1 to draft21 use the version field as earlier TLS
        versions, instead of using the supported versions extension. */
@@ -659,8 +660,7 @@ static inline int TLSDecodeHSHelloVersion(SSLState *ssl_state,
         if (ssl_state->ja3_str == NULL)
             return -1;
 
-        int rc = Ja3BufferAddValue(&ssl_state->ja3_str,
-                                   ssl_state->curr_connp->version);
+        int rc = Ja3BufferAddValue(&ssl_state->ja3_str, version);
         if (rc != 0)
             return -1;
     }