diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-12-24 18:17:00 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-01-02 15:12:48 +0000 |
| commit | f3dcc8411e518fb0835c7d72df4a58718205260d (patch) | |
| tree | b08b79e5edf73e971343f245a443b1a3b76098e1 /ssl/s3_srvr.c | |
| parent | 1c2c5e402a757a63d690bd2390bd6b8b491ef184 (diff) | |
Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.
Thanks to Marek Majkowski for additional analysis of this issue.
PR#3191
Diffstat (limited to 'ssl/s3_srvr.c')
| -rw-r--r-- | ssl/s3_srvr.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e5a8b3fbf2..52efed328a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s) (s->version != DTLS1_VERSION && s->client_version < s->version)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR) + if ((s->client_version>>8) == SSL3_VERSION_MAJOR && + !s->enc_write_ctx && !s->write_hash) { /* similar to ssl3_get_record, send alert using remote version number */ s->version = s->client_version; |