author Bodo Möller <bodo@openssl.org> 2000-09-22 21:39:33 +0000
committer Bodo Möller <bodo@openssl.org> 2000-09-22 21:39:33 +0000
commit f1192b7f2e2b6683333ee99ff7def5bb413dc3d2 (patch)
tree 817d5d6087958de805c73db1b910d239300620ce /CHANGES
parent dbba890cf11f5ec1e44166a51e0a4062ccdc5279 (diff)
Avoid protocol rollback.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 10
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 26fb7f8a89..390c17e212 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,16 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) In ssl23_get_client_hello, generate an error message when faced
+ with an initial SSL 3.0/TLS record that is too small to contain the
+ first two bytes of the ClientHello message, i.e. client_version.
+ (Note that this is a pathologic case that probably has never happened
+ in real life.) The previous approach was to use the version number
+ from the record header as a subsitute; but our protocol choice
+ should not depend on that one because it is not authenticated
+ by the Finished messages.
+ [Bodo Moeller]
+
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does
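Review bot: The new ssl23_get_client_hello entry says only "generate an error message" for a first record too small to contain client_version; it should state explicitly that the handshake is rejected in that case, and ideally name the error that is raised, so a reader does not have to infer that no fallback version is chosen. The rationale given at the end (the record-header version is not authenticated by the Finished messages, so the protocol choice must not depend on it) is the security-relevant part and would read better ahead of the parenthetical about how rare the case is. In the same entry, "subsitute" should be "substitute" and "pathologic" reads better as "pathological".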