The record version for ClientHello2 should be TLS1.2

According to TLSv1.3 draft-24 the record version for ClientHello2 should be TLS1.2, and not TLS1.0 as it is now. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5377)
author: Matt Caswell <matt@openssl.org> 2018-02-15 14:29:45 +0000
committer: Matt Caswell <matt@openssl.org> 2018-02-19 14:02:33 +0000
commit: 5f7470df83cb179f793026a5950c1446866c9cab (patch)
tree: b9029201a8ee8718a14e6dd82aaed95e4eb82c58 /ssl
parent: b761ff4e77f74f91d8694964039af24ead3c2467 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index ea70258252..0953d2b01d 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -839,7 +839,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * and record version number > TLS 1.0
          */
         if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
-            && !s->renegotiate && TLS1_get_version(s) > TLS1_VERSION)
+                && !s->renegotiate
+                && TLS1_get_version(s) > TLS1_VERSION
+                && s->hello_retry_request == SSL_HRR_NONE)
             version = TLS1_VERSION;
 
         maxcomplen = pipelens[j];
author	Matt Caswell <matt@openssl.org>	2018-02-15 14:29:45 +0000
committer	Matt Caswell <matt@openssl.org>	2018-02-19 14:02:33 +0000
commit	5f7470df83cb179f793026a5950c1446866c9cab (patch)
tree	b9029201a8ee8718a14e6dd82aaed95e4eb82c58 /ssl
parent	b761ff4e77f74f91d8694964039af24ead3c2467 (diff)