Modify client hello version when renegotiating to enhance interop with

some servers.
author: Dr. Stephen Henson <steve@openssl.org> 2012-02-09 15:41:44 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-02-09 15:41:44 +0000
commit: fc6800d19f4a0ca852c07128952d4c347d2d7065 (patch)
tree: e02ba23553b8a930e042885a11b6630975c3109b /CHANGES
parent: d06f047b04dbdcd151efc620bf91253f0d70117e (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 9907aef8f3..47d76cb81a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 1.0.0f and 1.0.1  [xx XXX xxxx]
 
+  *) Some servers which support TLS 1.0 can choke if we initially indicate
+     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
+     encrypted premaster secret. As a workaround use the maximum pemitted
+     client version in client hello, this should keep such servers happy
+     and still work with previous versions of OpenSSL.
+     [Steve Henson]
+
   *) Add support for TLS/DTLS heartbeats.
      [Robin Seggelmann <seggelmann@fh-muenster.de>]
author	Dr. Stephen Henson <steve@openssl.org>	2012-02-09 15:41:44 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-02-09 15:41:44 +0000
commit	fc6800d19f4a0ca852c07128952d4c347d2d7065 (patch)
tree	e02ba23553b8a930e042885a11b6630975c3109b /CHANGES
parent	d06f047b04dbdcd151efc620bf91253f0d70117e (diff)