diff options
| author | Bodo Möller <bodo@openssl.org> | 2001-10-25 06:09:51 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2001-10-25 06:09:51 +0000 |
| commit | ba1c602281ebe05087b8441b51cf9cf63c066a8c (patch) | |
| tree | 636ce664abda9e507893b077e3b0ad128e5c93d8 | |
| parent | cfc781be6e1362108ad836062f559d5afaff3a64 (diff) | |
Assume TLS 1.0 when ClientHello fragment is too short.
| -rw-r--r-- | CHANGES | 9 | ||||
| -rw-r--r-- | ssl/s23_srvr.c | 19 |
2 files changed, 21 insertions, 7 deletions
@@ -12,6 +12,15 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when + faced with a pathologically small ClientHello fragment that does + not contain client_version: Instead of aborting with an error, + simply choose the highest available protocol version (i.e., + TLS 1.0 unless it is disabled). In practice, ClientHello + messages are never sent like this, but this change gives us + strictly correct behaviour at least for TLS. + [Bodo Moeller] + +) Change all functions with names starting with des_ to be starting with DES_ instead. This because there are increasing clashes with libdes and other des libraries that are currently used by other diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index fe8bd33ce7..f2e1dc4173 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -232,9 +232,9 @@ int ssl23_accept(SSL *s) } } end: + s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_ACCEPT_EXIT,ret); - s->in_handshake--; return(ret); } @@ -339,17 +339,22 @@ int ssl23_get_client_hello(SSL *s) /* We must look at client_version inside the Client Hello message * to get the correct minor version. * However if we have only a pathologically small fragment of the - * Client Hello message, this would be difficult, we'd have - * to read at least one additional record to find out. - * This doesn't usually happen in real life, so we just complain - * for now. - */ + * Client Hello message, this would be difficult, and we'd have + * to read more records to find out. + * No known SSL 3.0 client fragments ClientHello like this, + * so we simply assume TLS 1.0 to avoid protocol version downgrade + * attacks. */ if (p[3] == 0 && p[4] < 6) { +#if 0 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; +#else + v[1] = TLS1_VERSION_MINOR; +#endif } - v[1]=p[10]; /* minor version according to client_version */ + else + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) |