generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix DTLS session resumption

Browse Source 
The session object on the client side is initially created during
construction of the ClientHello. If the client is DTLS1.2 capable then it
will store 1.2 as the version for the session. However if the server is only
DTLS1.0 capable then when the ServerHello comes back the client switches to
using DTLS1.0 from then on. However the session version does not get
updated. Therefore when the client attempts to resume that session the
server throws an alert because of an incorrect protocol version.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7322abf5ce)

Conflicts:
	ssl/s3_clnt.c
This commit is contained in:
Matt Caswell 2015-05-06 11:40:06 +01:00
parent adba3b3bf1
commit af3aa2b5ef
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_clnt.c
View File

@ -958,7 +958,7 @@ int ssl3_get_server_hello(SSL *s)
al = SSL_AD_PROTOCOL_VERSION;
goto f_err;
}
s->version = s->method->version;
s->session->ssl_version = s->version = s->method->version;
}
if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {