diff options
author | Matt Caswell <matt@openssl.org> | 2018-04-23 17:14:47 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-04-24 09:58:33 +0100 |
commit | ba2fd95037b9550e3efb4547034951151cc0e273 (patch) | |
tree | 60753136964c3167795d1ef23f3239ea7480e43a /ssl/statem/statem_lib.c | |
parent | 0abb903b7618ad404c83ac9b44b2c1bf162b90de (diff) |
In a reneg use the same client_version we used last time
In 1.0.2 and below we always send the same client_version in a reneg
ClientHello that we sent the first time around, regardless of what
version eventually gets negotiated. According to a comment in
statem_clnt.c this is a workaround for some buggy servers that choked if
we changed the version used in the RSA encrypted premaster secret.
In 1.1.0+ this behaviour no longer occurs. This restores the original
behaviour.
Fixes #1651
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6060)
Diffstat (limited to 'ssl/statem/statem_lib.c')
-rw-r--r-- | ssl/statem/statem_lib.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 36d410bdf7..c4d4f26f7e 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1073,6 +1073,13 @@ int ssl_set_client_hello_version(SSL *s) { int ver_min, ver_max, ret; + /* + * In a renegotiation we always send the same client_version that we sent + * last time, regardless of which version we eventually negotiated. + */ + if (!SSL_IS_FIRST_HANDSHAKE(s)) + return 0; + ret = ssl_get_client_min_max_version(s, &ver_min, &ver_max); if (ret != 0) |