diff options
author | David Woodhouse <dwmw2@infradead.org> | 2015-03-02 16:20:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-09 11:07:47 +0000 |
commit | 0d691e0e27a5eed8ece790830b8a2168348b1373 (patch) | |
tree | 7a2055f201add2665d432877a09b0692673c5e92 /ssl/d1_lib.c | |
parent | ae3fcdf1e5865b709aed4e66924197bc6191fc5b (diff) |
Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.
RT#3711
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d)
Diffstat (limited to 'ssl/d1_lib.c')
-rw-r--r-- | ssl/d1_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 28457579b7..1f1005421e 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -270,7 +270,7 @@ void dtls1_clear(SSL *s) ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) - s->version = DTLS1_BAD_VER; + s->client_version = s->version = DTLS1_BAD_VER; else if (s->method->version == DTLS_ANY_VERSION) s->version = DTLS1_2_VERSION; else |