Commit 293706e7 authored Apr 17, 2012 by Dr. Stephen Henson

Partial workaround for PR#2771.

Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...

parent 4a1fbd13

ssl/s23_clnt.c

+7 −2

Original line number	Diff line number	Diff line
		@@ -521,8 +521,13 @@ static int ssl23_client_hello(SSL *s)
		d=buf;
		*(d++) = SSL3_RT_HANDSHAKE;
		*(d++) = version_major;
		(d++) = version_minor; / arguably we should send the lowest suported version here
		* (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
		/* Some servers hang if we use long client hellos
		* and a record number > TLS 1.0.
		*/
		if (TLS1_get_client_version(s) > TLS1_VERSION)
		*(d++) = 1;
		else
		*(d++) = version_minor;
		s2n((int)l,d);

		/* number of bytes to write */

ssl/s3_pkt.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -740,6 +740,13 @@ static int do_ssl3_write(SSL s, int type, const unsigned char buf,
		wr->type=type;

		*(p++)=(s->version>>8);
		/* Some servers hang if iniatial client hello is larger than 256
		* bytes and record version number > TLS 1.0
		*/
		if (s->state == SSL3_ST_CW_CLNT_HELLO_B
		&& TLS1_get_version(s) > TLS1_VERSION)
		*(p++) = 0x1;
		else
		*(p++)=s->version&0xff;

		/* field where we are to write out packet length */