Assume TLS 1.0 when ClientHello fragment is too short.

author: Bodo Möller <bodo@openssl.org> 2001-10-25 06:09:51 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-10-25 06:09:51 +0000
commit: ba1c602281ebe05087b8441b51cf9cf63c066a8c (patch)
tree: 636ce664abda9e507893b077e3b0ad128e5c93d8 /CHANGES
parent: cfc781be6e1362108ad836062f559d5afaff3a64 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 755efead7d..99d9dd0642 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,15 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
   +) Change all functions with names starting with des_ to be starting
      with DES_ instead.  This because there are increasing clashes with
      libdes and other des libraries that are currently used by other
author	Bodo Möller <bodo@openssl.org>	2001-10-25 06:09:51 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-10-25 06:09:51 +0000
commit	ba1c602281ebe05087b8441b51cf9cf63c066a8c (patch)
tree	636ce664abda9e507893b077e3b0ad128e5c93d8 /CHANGES
parent	cfc781be6e1362108ad836062f559d5afaff3a64 (diff)