generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 2811

Browse Source 
Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
This commit is contained in:
Dr. Stephen Henson 2012-05-11 13:32:26 +00:00
parent 1b452133ae
commit 6e164e5c3d
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -4,7 +4,9 @@
Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
*) *) Don't use TLS 1.0 record version number in initial client hello
if renegotiating.
[Steve Henson]
Changes between 1.0.1b and 1.0.1c [10 May 2012] Changes between 1.0.1b and 1.0.1c [10 May 2012]

1
ssl/s3_pkt.c
View File

@ -744,6 +744,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
* bytes and record version number > TLS 1.0 * bytes and record version number > TLS 1.0
*/ */
if (s->state == SSL3_ST_CW_CLNT_HELLO_B if (s->state == SSL3_ST_CW_CLNT_HELLO_B
&& !s->renegotiate
&& TLS1_get_version(s) > TLS1_VERSION) && TLS1_get_version(s) > TLS1_VERSION)
*(p++) = 0x1; *(p++) = 0x1;
else else