Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit741c9959
("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commitf7683aaf36
)
This commit is contained in:
parent
ae3fcdf1e5
commit
0d691e0e27
@ -270,7 +270,7 @@ void dtls1_clear(SSL *s)
|
||||
|
||||
ssl3_clear(s);
|
||||
if (s->options & SSL_OP_CISCO_ANYCONNECT)
|
||||
s->version = DTLS1_BAD_VER;
|
||||
s->client_version = s->version = DTLS1_BAD_VER;
|
||||
else if (s->method->version == DTLS_ANY_VERSION)
|
||||
s->version = DTLS1_2_VERSION;
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user