generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Partial workaround for PR#2771.

Browse Source 
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
This commit is contained in:
Dr. Stephen Henson
2012-04-17 13:20:37 +00:00
parent f6a1939f0f
commit 32213fb25a
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/s23_clnt.c
View File

@@ -521,8 +521,13 @@ static int ssl23_client_hello(SSL *s)
d=buf;
*(d++) = SSL3_RT_HANDSHAKE;
*(d++) = version_major;
*(d++) = version_minor; /* arguably we should send the *lowest* suported version here
* (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
/* Some servers hang if we use long client hellos
* and a record number > TLS 1.0.
*/
if (TLS1_get_client_version(s) > TLS1_VERSION)
*(d++) = 1;
else
*(d++) = version_minor;
s2n((int)l,d);
/* number of bytes to write */