Partial workaround for PR#2771.

Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...
author: Dr. Stephen Henson <steve@openssl.org> 2012-04-17 13:21:19 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-04-17 13:21:19 +0000
commit: 293706e72c314b0155f4e7062e57db4b48d0e60e (patch)
tree: aa84ffa341e2e01a6dd3d2ca01da7f4ebaacbe26 /ssl/s23_clnt.c
parent: 4a1fbd13ee2a15b6db2e795a57528509c52355bf (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index b3c48232d7..299af0f03a 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -521,8 +521,13 @@ static int ssl23_client_hello(SSL *s)
 			d=buf;
 			*(d++) = SSL3_RT_HANDSHAKE;
 			*(d++) = version_major;
-			*(d++) = version_minor; /* arguably we should send the *lowest* suported version here
-			                         * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
+			/* Some servers hang if we use long client hellos
+			 * and a record number > TLS 1.0.
+			 */
+			if (TLS1_get_client_version(s) > TLS1_VERSION)
+				*(d++) = 1;
+			else
+				*(d++) = version_minor;
 			s2n((int)l,d);
 
 			/* number of bytes to write */
author	Dr. Stephen Henson <steve@openssl.org>	2012-04-17 13:21:19 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-04-17 13:21:19 +0000
commit	293706e72c314b0155f4e7062e57db4b48d0e60e (patch)
tree	aa84ffa341e2e01a6dd3d2ca01da7f4ebaacbe26 /ssl/s23_clnt.c
parent	4a1fbd13ee2a15b6db2e795a57528509c52355bf (diff)