From 63ef0db60f7b9fc0c2bcabdc7e2bd133784ddd60 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Sat, 13 Dec 2014 20:13:10 +0000 Subject: [PATCH] Don't set client_version to the ServerHello version. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The client_version needs to be preserved for the RSA key exchange. This change also means that renegotiation will, like TLS, repeat the old client_version rather than advertise only the final version. (Either way, version change on renego is not allowed.) This is necessary in TLS to work around an SChannel bug, but it's not strictly necessary in DTLS. (From BoringSSL) Reviewed-by: Emilia Käsper (cherry picked from commit ec1af3c4195c1dfecdd9dc7458850ab1b8b951e0) --- ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c9b5ee183..b16b3c44c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -941,7 +941,7 @@ int ssl3_get_server_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto f_err; } - s->version = s->client_version = s->method->version; + s->version = s->method->version; } if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))