From 7b0a3ce0f9f54cf7b527fe57d98748a7aaa571bd Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 13 Nov 2017 16:12:35 +0000 Subject: [PATCH] Ensure CCS sent before early_data has the correct record version Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/4701) --- ssl/ssl_locl.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6b899691f9..0e45b92fb0 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -323,7 +323,9 @@ && (s)->method->version != TLS_ANY_VERSION) # define SSL_TREAT_AS_TLS13(s) \ - (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ + (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \ + || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \ + || (s)->early_data_state == SSL_EARLY_DATA_WRITING \ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) # define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \