PR: 2811
Reported by: Phil Pennock <openssl-dev@spodhuis.org> Make renegotiation work for TLS 1.2, 1.1 by not using a lower record version client hello workaround if renegotiating.
This commit is contained in:
Dr. Stephen Henson
parent
1b452133ae
commit
6e164e5c3d
2 changed files with 4 additions and 1 deletions
4
CHANGES
4
CHANGES
|
|
@ -4,7 +4,9 @@
|
|||
|
||||
Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
|
||||
|
||||
*)
|
||||
*) Don't use TLS 1.0 record version number in initial client hello
|
||||
if renegotiating.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.1b and 1.0.1c [10 May 2012]
|
||||
|
||||
|
|
|
|||
|
|
@ -744,6 +744,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
|
|||
* bytes and record version number > TLS 1.0
|
||||
*/
|
||||
if (s->state == SSL3_ST_CW_CLNT_HELLO_B
|
||||
&& !s->renegotiate
|
||||
&& TLS1_get_version(s) > TLS1_VERSION)
|
||||
*(p++) = 0x1;
|
||||
else
|
||||
|
|
|
|||
Loading…
Reference in a new issue