-rw-r--r--ssl/internal.h1
-rw-r--r--ssl/t1_lib.c6
-rw-r--r--ssl/test/runner/handshake_server.go10
3 files changed, 15 insertions, 2 deletions
diff --git a/ssl/internal.h b/ssl/internal.h
index fca2dda..3745592 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1021,6 +1021,7 @@ enum ssl_grease_index_t {
ssl_grease_group,
ssl_grease_extension1,
ssl_grease_extension2,
+ ssl_grease_version,
};
/* ssl_get_grease_value returns a GREASE value for |ssl|. For a given
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 281fc71..da446e0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2279,6 +2279,12 @@ static int ext_supported_versions_add_clienthello(SSL *ssl, CBB *out) {
return 0;
}
+ /* Add a fake version. See draft-davidben-tls-grease-01. */
+ if (ssl->ctx->grease_enabled &&
+ !CBB_add_u16(&versions, ssl_get_grease_value(ssl, ssl_grease_version))) {
+ return 0;
+ }
+
for (uint16_t version = max_version; version >= min_version; version--) {
if (!CBB_add_u16(&versions, ssl->method->version_to_wire(version))) {
return 0;
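Review bot: The comment on the added block says only "Add a fake version" and does not record why the GREASE value is written before the loop over the real versions. Because the loop emits versions from `max_version` downwards, the GREASE value ends up first in the list, presumably so that a peer which mishandles unknown versions fails on the first entry. I would state that, e.g. `/* Add a fake version first; servers must skip unknown values. See draft-davidben-tls-grease-01. */`. The ordering also matters to the test runner in handshake_server.go, which stops scanning at the first supported version. The function body starts and ends outside the hunk.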
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 3f166ec..affdbda 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -233,13 +233,16 @@ func (hs *serverHandshakeState) readClientHello() error {
c.vers = config.Bugs.NegotiateVersionOnRenego
} else if len(hs.clientHello.supportedVersions) > 0 {
// Use the versions extension if supplied.
- var foundVersion bool
+ var foundVersion, foundGREASE bool
for _, extVersion := range hs.clientHello.supportedVersions {
+ if isGREASEValue(extVersion) {
+ foundGREASE = true
+ }
extVersion, ok = wireToVersion(extVersion, c.isDTLS)
if !ok {
continue
}
- if config.isSupportedVersion(extVersion, c.isDTLS) {
+ if config.isSupportedVersion(extVersion, c.isDTLS) && !foundVersion {
c.vers = extVersion
foundVersion = true
break
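Review bot: The `&& !foundVersion` guard added to the `isSupportedVersion` condition can never be false, because the unchanged `break` at the end of that branch leaves the loop as soon as `foundVersion` is set. As a result `foundGREASE` is only set for GREASE values that appear before the first supported version, so the `ExpectGREASE` check in the next hunk would report a missing value for a client that lists it later. If the intent is to scan the whole extension, delete the `break` and keep the guard; otherwise drop the guard and document the ordering assumption next to `foundGREASE`. readClientHello starts and ends outside the hunk.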
@@ -249,6 +252,9 @@ func (hs *serverHandshakeState) readClientHello() error {
c.sendAlert(alertProtocolVersion)
return errors.New("tls: client did not offer any supported protocol versions")
}
+ if config.Bugs.ExpectGREASE && !foundGREASE {
+ return errors.New("tls: no GREASE version value found")
+ }
} else {
// Otherwise, use the legacy ClientHello version.
version := clientVersion