Wrong SSL version in DTLS1_BAD_VER ClientHello

Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d)
author: David Woodhouse <dwmw2@infradead.org> 2015-03-02 16:20:15 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-09 11:07:47 +0000
commit: 0d691e0e27a5eed8ece790830b8a2168348b1373 (patch)
tree: 7a2055f201add2665d432877a09b0692673c5e92 /ssl/d1_lib.c
parent: ae3fcdf1e5865b709aed4e66924197bc6191fc5b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 28457579b7..1f1005421e 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -270,7 +270,7 @@ void dtls1_clear(SSL *s)
 
     ssl3_clear(s);
     if (s->options & SSL_OP_CISCO_ANYCONNECT)
-        s->version = DTLS1_BAD_VER;
+        s->client_version = s->version = DTLS1_BAD_VER;
     else if (s->method->version == DTLS_ANY_VERSION)
         s->version = DTLS1_2_VERSION;
     else
author	David Woodhouse <dwmw2@infradead.org>	2015-03-02 16:20:15 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-09 11:07:47 +0000
commit	0d691e0e27a5eed8ece790830b8a2168348b1373 (patch)
tree	7a2055f201add2665d432877a09b0692673c5e92 /ssl/d1_lib.c
parent	ae3fcdf1e5865b709aed4e66924197bc6191fc5b (diff)