Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears, old versions of servers have a habit of hanging around for a considerable time, so it is best if we handle this properly now.
parent
2c627637c5
commit
41c0f68630
5
CHANGES
5
CHANGES
@ -837,6 +837,11 @@
|
|||||||
|
|
||||||
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
|
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Handle TLS versions 2.0 and later properly and correctly use the
|
||||||
|
highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
|
||||||
|
off ancient servers have a habit of sticking around for a while...
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) Modify compression code so it frees up structures without using the
|
*) Modify compression code so it frees up structures without using the
|
||||||
ex_data callbacks. This works around a problem where some applications
|
ex_data callbacks. This works around a problem where some applications
|
||||||
call CRYPTO_free_all_ex_data() before application exit (e.g. when
|
call CRYPTO_free_all_ex_data() before application exit (e.g. when
|
||||||
|
@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
|
|||||||
(p[1] == SSL3_VERSION_MAJOR) &&
|
(p[1] == SSL3_VERSION_MAJOR) &&
|
||||||
(p[5] == SSL3_MT_CLIENT_HELLO) &&
|
(p[5] == SSL3_MT_CLIENT_HELLO) &&
|
||||||
((p[3] == 0 && p[4] < 5 /* silly record length? */)
|
((p[3] == 0 && p[4] < 5 /* silly record length? */)
|
||||||
|| (p[9] == p[1])))
|
|| (p[9] >= p[1])))
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* SSLv3 or tls1 header
|
* SSLv3 or tls1 header
|
||||||
@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
|
|||||||
v[1] = TLS1_VERSION_MINOR;
|
v[1] = TLS1_VERSION_MINOR;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
/* if major version number > 3 set minor to a value
|
||||||
|
* which will use the highest version 3 we support.
|
||||||
|
* If TLS 2.0 ever appears we will need to revise
|
||||||
|
* this....
|
||||||
|
*/
|
||||||
|
else if (p[9] > SSL3_VERSION_MAJOR)
|
||||||
|
v[1]=0xff;
|
||||||
else
|
else
|
||||||
v[1]=p[10]; /* minor version according to client_version */
|
v[1]=p[10]; /* minor version according to client_version */
|
||||||
if (v[1] >= TLS1_VERSION_MINOR)
|
if (v[1] >= TLS1_VERSION_MINOR)
|
||||||
|
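Review bot: `v[1]=0xff;` in the second hunk is an unnamed sentinel that only works if every later comparison of `v[1]` is `>=` rather than `==`. Only the first of those comparisons, `if (v[1] >= TLS1_VERSION_MINOR)`, is visible here, so the rest of the selection chain should be checked and the dependency stated at the assignment, e.g. `v[1]=0xff; /* sentinel: compares >= any 3.x minor in the checks below */`. For consistency with `else if (p[9] > SSL3_VERSION_MAJOR)`, the relaxed test in the first hunk could read `|| (p[9] >= SSL3_VERSION_MAJOR)))`, since `p[1] == SSL3_VERSION_MAJOR` is already required a few lines earlier. The negotiated version is downgrade-sensitive, so a regression test with a ClientHello whose client_version major is 4 would pin the intended outcome, which is the highest enabled 3.x protocol. ssl23_get_client_hello starts and ends outside both hunks.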