From ccae4a1582efcad311d095a8e6832b2b67d5ed05 Mon Sep 17 00:00:00 2001
From: Fedor Indutny <fedor@indutny.com>
Date: Fri, 11 Mar 2016 17:44:01 +0300
Subject: Allow different protocol version when trying to reuse a session

We now send the highest supported version by the client, even if the session
uses an older version.

This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
  uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
  stuck trying to reuse the old version while both sides support a newer
  version

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

GH: #852, MR: #2452
---
 include/openssl/ssl.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include')

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 87d9e11acc..fc7dab06fd 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2511,6 +2511,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_SSL_SESSION_ID_CONFLICT                    302
 # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
 # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
+# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
 # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
 # define SSL_R_TLS_HEARTBEAT_PENDING                      366
-- 
cgit v1.2.3