author | Dr. Stephen Henson <steve@openssl.org> | 2012-04-17 13:21:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-04-17 13:21:19 +0000 |
commit | 293706e72c314b0155f4e7062e57db4b48d0e60e (patch) | |
tree | aa84ffa341e2e01a6dd3d2ca01da7f4ebaacbe26 /ssl/s3_pkt.c | |
parent | 4a1fbd13ee2a15b6db2e795a57528509c52355bf (diff) |
Partial workaround for PR#2771.
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
Diffstat (limited to 'ssl/s3_pkt.c')
-rw-r--r-- | ssl/s3_pkt.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index ca5412dc2a..2d569cc1ce 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -740,7 +740,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr->type=type; *(p++)=(s->version>>8); - *(p++)=s->version&0xff; + /* Some servers hang if iniatial client hello is larger than 256 + * bytes and record version number > TLS 1.0 + */ + if (s->state == SSL3_ST_CW_CLNT_HELLO_B + && TLS1_get_version(s) > TLS1_VERSION) + *(p++) = 0x1; + else + *(p++)=s->version&0xff; /* field where we are to write out packet length */ plen=p; |
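Review bot: The new `if` in do_ssl3_write() does not test what the comment above it describes. The comment limits the problem to an initial client hello larger than 256 bytes, but the condition checks only `s->state == SSL3_ST_CW_CLNT_HELLO_B` and `TLS1_get_version(s) > TLS1_VERSION`, so the record version byte is lowered for every client hello written in that state regardless of its length, and nothing in the condition separates the first handshake from a later one that reaches the same state. If lowering it unconditionally is intended, the comment should say so; otherwise the condition needs an explicit first-handshake check. The literal `0x1` would be clearer as `TLS1_VERSION&0xff`, mirroring `s->version&0xff` in the else branch. The comment also has a typo ("iniatial") and says "larger than 256 bytes" where the commit message says "exceeding 255 bytes"; the two should agree.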