wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't set client_version to the ServerHello version.

Browse source 
The client_version needs to be preserved for the RSA key exchange.

This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.

(From BoringSSL)

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit ec1af3c419)
This commit is contained in:
Adam Langley 2014-12-13 20:13:10 +00:00 committed by Matt Caswell
parent f74f5c8586
commit 63ef0db60f
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ssl/s3_clnt.c
View file

@ -941,7 +941,7 @@ int ssl3_get_server_hello(SSL *s)
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
s->version = s->client_version = s->method->version;
s->version = s->method->version;
}
if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))