Partial workaround for PR#2771.

Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...
author: Dr. Stephen Henson <steve@openssl.org> 2012-04-17 13:20:19 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-04-17 13:20:19 +0000
commit: 4a1cf50187659e60c5867ecbbc36e37b2605d2c3 (patch)
tree: 943975843776f81a4a3d211fb439a24c643826c4 /ssl/s23_clnt.c
parent: 32e12316e52a6161dd32ec5d7155e9769e1a0c83 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 13412f26aa..76f1057b5b 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -523,8 +523,13 @@ static int ssl23_client_hello(SSL *s)
 			d=buf;
 			*(d++) = SSL3_RT_HANDSHAKE;
 			*(d++) = version_major;
-			*(d++) = version_minor; /* arguably we should send the *lowest* suported version here
-			                         * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
+			/* Some servers hang if we use long client hellos
+			 * and a record number > TLS 1.0.
+			 */
+			if (TLS1_get_client_version(s) > TLS1_VERSION)
+				*(d++) = 1;
+			else
+				*(d++) = version_minor;
 			s2n((int)l,d);
 
 			/* number of bytes to write */
author	Dr. Stephen Henson <steve@openssl.org>	2012-04-17 13:20:19 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-04-17 13:20:19 +0000
commit	4a1cf50187659e60c5867ecbbc36e37b2605d2c3 (patch)
tree	943975843776f81a4a3d211fb439a24c643826c4 /ssl/s23_clnt.c
parent	32e12316e52a6161dd32ec5d7155e9769e1a0c83 (diff)