generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Wrong SSL version in DTLS1_BAD_VER ClientHello

Browse Source 
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.

RT#3711

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
David Woodhouse
2015-03-02 16:20:15 +00:00
committed by Matt Caswell
parent 5178a16c43
commit f7683aaf36
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/d1_lib.c
View File

@@ -273,7 +273,7 @@ void dtls1_clear(SSL *s)
ssl3_clear(s);
if (s->options & SSL_OP_CISCO_ANYCONNECT)
s->version = DTLS1_BAD_VER;
s->client_version = s->version = DTLS1_BAD_VER;
else if (s->method->version == DTLS_ANY_VERSION)
s->version = DTLS1_2_VERSION;
else