generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if

Browse Source 
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
This commit is contained in:
Bodo Möller
2001-10-20 17:52:40 +00:00
parent 1e55e768c3
commit 9ccadf1c6f
5 changed files with 142 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_pkt.c
View File

@@ -1177,6 +1177,8 @@ void ssl3_send_alert(SSL *s, int level, int desc)
{
/* Map tls/ssl alert value to correct one */
desc=s->method->ssl3_enc->alert_value(desc);
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
if (desc < 0) return;
/* If a fatal one, remove from cache */
if ((level == 2) && (s->session != NULL))