Don't use decryption_failed alert for TLS v1.1 or later.

2011-01-04 19:39:27 +00:00 · 2011-01-04 19:39:27 +00:00 · 722521594c
commit 722521594c
parent a47577164c
1 changed files with 2 additions and 0 deletions
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -757,6 +757,8 @@ int tls1_enc(SSL *s, int send)
 			{
 			if (l == 0 || l%bs != 0)
 				{
+				if (s->version >= TLS1_1_VERSION)
+					return -1;
 				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
 				return 0;