diff options
| -rw-r--r-- | ssl/s23_clnt.c | 9 | ||||
| -rw-r--r-- | ssl/s3_pkt.c | 9 |
2 files changed, 15 insertions, 3 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 13412f26aa..76f1057b5b 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -523,8 +523,13 @@ static int ssl23_client_hello(SSL *s) d=buf; *(d++) = SSL3_RT_HANDSHAKE; *(d++) = version_major; - *(d++) = version_minor; /* arguably we should send the *lowest* suported version here - * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */ + /* Some servers hang if we use long client hellos + * and a record number > TLS 1.0. + */ + if (TLS1_get_client_version(s) > TLS1_VERSION) + *(d++) = 1; + else + *(d++) = version_minor; s2n((int)l,d); /* number of bytes to write */ diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a0169dcc06..adf8c387cc 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -740,7 +740,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr->type=type; *(p++)=(s->version>>8); - *(p++)=s->version&0xff; + /* Some servers hang if iniatial client hello is larger than 256 + * bytes and record version number > TLS 1.0 + */ + if (s->state == SSL3_ST_CW_CLNT_HELLO_B + && TLS1_get_version(s) > TLS1_VERSION) + *(p++) = 0x1; + else + *(p++)=s->version&0xff; /* field where we are to write out packet length */ plen=p; |